CVE-2021-22567

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
GoogleCNA
4.6 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
dartdart_software_development_kit
𝑥
< 2.15.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md
https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41
https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md
https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41