Unrated severityNVD Advisory· Published Feb 18, 2022· Updated Apr 21, 2025
Auth bypass in Dark SDK
CVE-2022-0451
Description
Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Google LLC/Dart SDKv5Range: unspecified
Patches
Vulnerability mechanics
References
2- dart-review.googlesource.com/c/sdk/+/229947mitrex_refsource_MISC
- github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abcmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.