CVE-2022-0451

MEDIUM

Dart SDK <2.16.0 - Info Disclosure

Description

The Dart SDK's dart:io library contains HttpClient, which includes authorization headers when handling cross-origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with an authorization header and it redirects to an attacker's site, the sender might not expect the attacker's site to receive the authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond.

Scores

CVSS v3 6.5
EPSS 0.0011
EPSS Percentile 29.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-305 CWE-863
Status published
Products (1)
dart/dart_software_development_kit < 2.16.0
Published Feb 18, 2022
Tracked Since Feb 18, 2026