CVE-2021-22567

MEDIUM

Dart Software Development Kit < 2.15.0 - Improper Access Control via Bidirectional Unicode Text

Title source: llm
STIX 2.1

Description

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.

References (2)

Core 2

Scores

CVSS v3 4.6
EPSS 0.0060
EPSS Percentile 44.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (1)
dart/dart_software_development_kit < 2.15.0
Published Jan 05, 2022
Tracked Since Feb 18, 2026