Vulnerabilities > Dart > Dart Software Development KIT > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-0451 | Incorrect Authorization vulnerability in Dart Software Development KIT Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. | 4.0 |
| 2021-12-09 | CVE-2021-22568 | Exposure of Resource to Wrong Sphere vulnerability in Dart Software Development KIT When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. | 6.0 |
| 2021-04-22 | CVE-2021-22540 | Cross-site Scripting vulnerability in Dart Software Development KIT Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. | 4.3 |
| 2020-03-26 | CVE-2020-8923 | Cross-site Scripting vulnerability in Dart Software Development KIT An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). | 4.3 |