CVE-2020-35669

MEDIUM

dart/http < 0.12.2 and Pub/http < 0.13.3 - CRLF Injection via HTTP Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35669. PoCs published by n0npax.

AI-analyzed exploit summary: This repository demonstrates a header injection vulnerability in the Dart HTTP library (CVE-2020-35669) where user-controlled input in the Request constructor can manipulate HTTP headers, potentially leading to SSRF or request smuggling attacks. The PoC shows how a crafted request can bypass intended host restrictions when behind a reverse proxy.

Description

An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.
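
A call-site guard for applications that pass a caller-supplied method to Request, as an added example (not code from the http package or the PoC repository). `checkedMethod` and `allowedMethods` are hypothetical names, and the allow-list contents are an assumption; the sample inputs are constructed.

```dart
// Added example; not code from package:http. All names here are hypothetical.

/// RFC 7230 section 3.2.6 "token": one or more tchar characters.
/// CR, LF, space and ':' are not tchar, so a value that matches cannot
/// break out of the request line into a header or a second request.
final RegExp _token = RegExp(r"^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$");

/// Methods this (hypothetical) application is willing to send upstream.
/// HTTP methods are case-sensitive, so the comparison is exact.
const Set<String> allowedMethods = {'GET', 'HEAD', 'POST', 'PUT', 'DELETE'};

/// Returns [untrusted] unchanged if it is safe to hand to a Request
/// constructor, otherwise throws before any request object is built.
String checkedMethod(String untrusted) {
  if (!_token.hasMatch(untrusted)) {
    throw ArgumentError.value(untrusted, 'method', 'not a valid HTTP token');
  }
  if (!allowedMethods.contains(untrusted)) {
    throw ArgumentError.value(untrusted, 'method', 'method not allowed');
  }
  return untrusted;
}

void main() {
  // Constructed inputs: the last two carry CR/LF in the method string.
  const samples = [
    'GET',
    'post',
    'TRACE',
    'GET / HTTP/1.1\r\nX-Injected: 1\r\n\r\nGET',
    'GET\n',
  ];
  for (final s in samples) {
    try {
      print('accepted: ${checkedMethod(s)}');
    } on ArgumentError catch (e) {
      // Percent-encode the rejected value so control bytes are visible in logs.
      print('rejected: ${e.message} (${Uri.encodeComponent(s)})');
    }
  }
}
```

The token check alone stops the CRLF case; the allow-list additionally keeps syntactically valid but unexpected methods (here `TRACE` and lower-case `post`) from reaching the upstream server.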

Exploits (1)

nomisec · Working PoC · 1 star
by n0npax · poc
https://github.com/n0npax/CVE-2020-35669

Classification: Working PoC 90%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Dart HTTP library (http package) version ^0.12.2
No auth needed
Prerequisites: Dart HTTP library (http package) version ^0.12.2 · Network access to a reverse proxy or vulnerable server
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References

https://github.com/dart-lang/http/issues/511
Tags: Exploit, Patch, Third Party Advisory (x_refsource_misc)

https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133
Tags: Broken Link, Release Notes, Third Party Advisory (x_refsource_misc)

Scores

CVSS v3 6.1
EPSS 0.2538
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-74
Status: published
Products (2):
dart/http < 0.12.2
Pub/http 0 - 0.13.3
Published: Dec 24, 2020
Tracked Since: Feb 18, 2026