VYPR

Dart SDK

by Dart SDK

Source repositories

CVEs (3)

  • CVE-2020-8923MedMar 26, 2020
    risk 0.35cvss 5.4epss 0.00

    An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and…

  • CVE-2022-0451MedFeb 18, 2022
    risk 0.00cvss 6.5epss 0.01

    Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to…

  • CVE-2021-22540MedApr 22, 2021
    risk 0.00cvss 6.1epss 0.01

    Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.