CVE-2021-22567

Опубликовано: 05 янв. 2022

Источник: nvd

CVSS3: 4.6

CVSS3: 3.5

CVSS2: 3.5

EPSS Низкий

Описание

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.

Ссылки

https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41
Patch
Third Party Advisory
https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:*

Версия до 2.15.0 (исключая)

EPSS

Процентиль: 34%

0.00141

Низкий

4.6 Medium

CVSS3

3.5 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

EPSS

Процентиль: 34%

0.00141

Низкий

4.6 Medium

CVSS3

3.5 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-284

NVD-CWE-Other