CVE-2021-22567
MEDIUMDart Software Development Kit < 2.15.0 - Improper Access Control via Bidirectional Unicode Text
Title source: llmDescription
Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md
Patch, Third Party Advisory x_refsource_misc
https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41
Scores
CVSS v3
4.6
EPSS
0.0060
EPSS Percentile
44.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
dart/dart_software_development_kit
< 2.15.0
Published
Jan 05, 2022
Tracked Since
Feb 18, 2026