Vulnerabilities > Dart

DATE CVE VULNERABILITY TITLE RISK
2023-04-10 CVE-2014-125098 Cross-site Scripting vulnerability in Dart Http Server
A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic.
network
low complexity
dart CWE-79
6.1
2022-10-27 CVE-2022-3095 The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards.
network
low complexity
dart flutter
critical
9.8
2022-02-18 CVE-2022-0451 Incorrect Authorization vulnerability in Dart Software Development KIT
Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects.
network
low complexity
dart CWE-863
4.0
2022-01-05 CVE-2021-22567 Unspecified vulnerability in Dart Software Development KIT
Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign.
network
dart
3.5
2021-12-09 CVE-2021-22568 Exposure of Resource to Wrong Sphere vulnerability in Dart Software Development KIT
When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev.
network
dart CWE-668
6.0
2021-04-22 CVE-2021-22540 Cross-site Scripting vulnerability in Dart Software Development KIT
Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering.
network
dart CWE-79
4.3
2020-12-24 CVE-2020-35669 Injection vulnerability in Dart Http
An issue was discovered in the http package through 0.12.2 for Dart.
network
dart CWE-74
4.3
2020-03-26 CVE-2020-8923 Cross-site Scripting vulnerability in Dart Software Development KIT
An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS).
network
dart CWE-79
4.3
2020-01-23 CVE-2012-5389 NULL Pointer Dereference vulnerability in Dart Powertcp Webserver FOR Activex 1.9.0.0/1.9.1.0/1.9.2
NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request.
network
low complexity
dart CWE-476
5.0
2012-10-04 CVE-2012-3819 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dart Powertcp Activex
Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.
network
low complexity
dart CWE-119
5.0