CVE-2020-35669

Опубликовано: 24 дек. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.

Ссылки

https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133
Broken Link
Release Notes
Third Party Advisory
https://github.com/dart-lang/http/issues/511
Exploit
Patch
Third Party Advisory
https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133
Broken Link
Release Notes
Third Party Advisory
https://github.com/dart-lang/http/issues/511
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dart:http:*:*:*:*:*:dart:*:*

Версия до 0.12.2 (включая)

EPSS

Процентиль: 96%

0.25314

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-4rgh-jx4f-qfcq