ID CVE-2020-35669
Summary An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.
References
Vulnerable Configurations
  • cpe:2.3:a:dart:http:-:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:-:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.1\+3:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.1\+3:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.2:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.2:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+1:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+1:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+2:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+2:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+3:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+3:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+4:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+4:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+5:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+5:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+6:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+6:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+7:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+7:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+8:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+8:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+9:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+9:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+10:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+10:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+11:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+11:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+12:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+12:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+13:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+13:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+14:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+14:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+15:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+15:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+16:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+16:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.11.3\+17:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.11.3\+17:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.12.0:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.12.0:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.12.0\+2:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.12.0\+2:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.12.0\+3:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.12.0\+3:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.12.0\+4:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.12.0\+4:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.12.1:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.12.1:*:*:*:*:dart:*:*
  • cpe:2.3:a:dart:http:0.12.2:*:*:*:*:dart:*:*
    cpe:2.3:a:dart:http:0.12.2:*:*:*:*:dart:*:*
CVSS
Base: 4.3 (as of 28-06-2021 - 12:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
misc https://github.com/dart-lang/http/issues/511
Last major update 28-06-2021 - 12:15
Published 24-12-2020 - 03:15
Last modified 28-06-2021 - 12:15
Back to Top