CVE-2022-3095

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-3095

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3095.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3095

Published

2022-10-27T16:15:09.600Z

Modified

2026-04-10T04:47:42.688204Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.

References

https://github.com/dart-lang/sdk/blob/master/CHANGELOG.md#2182---2022-09-28

Affected packages

Git / github.com/dart-lang/sdk

Affected ranges

Type

GIT

Repo

https://github.com/dart-lang/sdk

Events

Introduced

Fixed

63c2197b976931c6472d9dc9574f98ff2ae9408c

Introduced

Fixed

c09cb46304325cc59890ef685d33f5e022da047e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.18.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "3.3.3"
        }
    ]
}

Affected versions

1.*

1.11.0

1.11.0-dev.2.0

1.11.0-dev.3.0

1.11.0-dev.4.0

1.11.0-dev.5.0

1.11.0-dev.5.1

1.11.0-dev.5.2

1.11.0-dev.5.3

1.11.0-dev.5.4

1.11.0-dev.5.5

1.11.0-dev.5.6

1.11.0-dev.5.7

1.11.1

1.11.2

1.11.3

1.12.0

1.12.1

1.12.2

1.13.0

1.13.1

1.13.2

1.14.0

1.14.1

1.14.2

1.15.0

1.16.0

1.16.1

1.17.0

1.17.1

1.18.0

1.18.1

1.19.0

1.19.1

1.20.0

1.20.1

1.21.0

1.21.1

1.22.0

1.22.1

1.23.0

1.24.0

1.24.1

1.24.2

1.24.3

2.*

2.0.0

2.1.0

2.1.1

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.12.0

2.12.1

2.12.2

2.12.3

2.12.4

2.13.0

2.13.1

2.13.3

2.13.4

2.14.0

2.14.1

2.14.2

2.14.3

2.14.4

2.15.0

2.15.1

2.16.0

2.16.1

2.16.2

2.17.0

2.17.1

2.17.3

2.17.5

2.17.6

2.17.7

2.18.0

2.18.1

2.18.2

2.18.3

2.18.4

2.18.5

2.18.6

2.18.7

2.19.0

2.19.1

2.19.2

2.19.3

2.19.4

2.19.5

2.19.6

2.2.0

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.7.0

2.7.1

2.7.2

2.8.1

2.8.2

2.8.3

2.8.4

2.9.0

2.9.1

2.9.2

2.9.3

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.3.0

3.3.1

3.3.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3095.json"