CVE-2022-0451
Last modified
CVE-2022-0451 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. EPSS estimates a 0.98% chance of exploitation in the next 30 days.
Description
Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dart | Dart Software Development Kit | < 2.16.0 |
References
- https://dart-review.googlesource.com/c/sdk/+/229947Issue Tracking, Patch, Third Party Advisory
- https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abcPatch, Third Party Advisory
- https://dart-review.googlesource.com/c/sdk/+/229947Issue Tracking, Patch, Third Party Advisory
- https://github.com/dart-lang/sdk/commit/57db739be0ad4629079bfa94840064f615d35abcPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-0451?
How severe is CVE-2022-0451?
How do I fix CVE-2022-0451?
Are you affected by CVE-2022-0451?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST