CVE-2020-8923

Source
https://cve.org/CVERecord?id=CVE-2020-8923
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8923.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8923
Related
  • GHSA-hfq3-v9pv-p627
Published
2020-03-26T12:15:12.217Z
Modified
2026-01-30T01:42:23.920564Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Improper HTML sanitization in Dart versions up to and including 2.7.1, and in dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom HTML/JavaScript (XSS). Mitigation: update your Dart SDK to 2.7.2, or to 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend that you review how you use the affected APIs, paying special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.

Affected packages

Git / github.com/dart-lang/sdk

Affected ranges

Type
GIT
Repo
https://github.com/dart-lang/sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.11.0
1.11.0-dev.2.0
1.11.0-dev.3.0
1.11.0-dev.4.0
1.11.0-dev.5.0
1.11.0-dev.5.1
1.11.0-dev.5.2
1.11.0-dev.5.3
1.11.0-dev.5.4
1.11.0-dev.5.5
1.11.0-dev.5.6
1.11.0-dev.5.7
1.11.1
1.11.2
1.11.3
1.12.0
1.12.0-dev.0.0
1.12.0-dev.1.0
1.12.0-dev.1.1
1.12.0-dev.2.0
1.12.0-dev.2.1
1.12.0-dev.2.2
1.12.0-dev.3.0
1.12.0-dev.3.1
1.12.0-dev.4.0
1.12.0-dev.5.0
1.12.0-dev.5.1
1.12.0-dev.5.10
1.12.0-dev.5.2
1.12.0-dev.5.3
1.12.0-dev.5.5
1.12.0-dev.5.6
1.12.0-dev.5.7
1.12.0-dev.5.8
1.12.0-dev.5.9
1.12.1
1.12.2
1.13.0
1.13.0-dev.0.0
1.13.0-dev.1.0
1.13.0-dev.2.0
1.13.0-dev.3.0
1.13.0-dev.3.1
1.13.0-dev.4.0
1.13.0-dev.5.0
1.13.0-dev.6.0
1.13.0-dev.7.0
1.13.0-dev.7.1
1.13.0-dev.7.10
1.13.0-dev.7.11
1.13.0-dev.7.12
1.13.0-dev.7.2
1.13.0-dev.7.3
1.13.0-dev.7.4
1.13.0-dev.7.5
1.13.0-dev.7.6
1.13.0-dev.7.7
1.13.0-dev.7.8
1.13.0-dev.7.9
1.13.1
1.13.2
1.14.0
1.14.0-dev.0.0
1.14.0-dev.1.0
1.14.0-dev.2.0
1.14.0-dev.3.0
1.14.0-dev.4.0
1.14.0-dev.5.0
1.14.0-dev.6.0
1.14.0-dev.7.0
1.14.0-dev.7.1
1.14.0-dev.7.2
1.14.1
1.14.2
1.15.0
1.15.0-dev.0.0
1.15.0-dev.1.0
1.15.0-dev.2.0
1.15.0-dev.3.0
1.15.0-dev.4.0
1.15.0-dev.5.0
1.15.0-dev.5.1
1.16.0
1.16.0-dev.0.0
1.16.0-dev.1.0
1.16.0-dev.2.0
1.16.0-dev.3.0
1.16.0-dev.4.0
1.16.0-dev.5.0
1.16.0-dev.5.1
1.16.0-dev.5.2
1.16.0-dev.5.3
1.16.0-dev.5.4
1.16.0-dev.5.5
1.16.1
1.17.0
1.17.0-dev.0.0
1.17.0-dev.1.0
1.17.0-dev.2.0
1.17.0-dev.3.0
1.17.0-dev.4.0
1.17.0-dev.4.1
1.17.0-dev.5.0
1.17.0-dev.6.0
1.17.0-dev.6.1
1.17.0-dev.6.2
1.17.0-dev.6.3
1.17.0-dev.6.4
1.17.1
1.18.0
1.18.0-dev.0.0
1.18.0-dev.1.0
1.18.0-dev.2.0
1.18.0-dev.3.0
1.18.0-dev.4.0
1.18.0-dev.4.1
1.18.0-dev.4.2
1.18.0-dev.4.3
1.18.0-dev.4.4
1.18.1
1.19.0
1.19.0-dev.0.0
1.19.0-dev.1.0
1.19.0-dev.2.0
1.19.0-dev.2.1
1.19.0-dev.2.2
1.19.0-dev.2.3
1.19.0-dev.3.0
1.19.0-dev.4.0
1.19.0-dev.5.0
1.19.0-dev.6.0
1.19.0-dev.6.1
1.19.0-dev.7.0
1.19.0-dev.7.1
1.19.0-dev.7.2
1.19.0-dev.7.3
1.19.1
1.20.0
1.20.0-dev.0.0
1.20.0-dev.1.0
1.20.0-dev.10.0
1.20.0-dev.10.1
1.20.0-dev.10.2
1.20.0-dev.10.3
1.20.0-dev.2.0
1.20.0-dev.3.0
1.20.0-dev.4.0
1.20.0-dev.5.0
1.20.0-dev.6.0
1.20.0-dev.7.0
1.20.0-dev.8.0
1.20.0-dev.9.0
1.20.1
1.21.0
1.21.0-dev.0.0
1.21.0-dev.1.0
1.21.0-dev.10.0
1.21.0-dev.11.0
1.21.0-dev.11.1
1.21.0-dev.11.2
1.21.0-dev.11.3
1.21.0-dev.2.0
1.21.0-dev.3.0
1.21.0-dev.4.0
1.21.0-dev.5.0
1.21.0-dev.6.0
1.21.0-dev.7.0
1.21.0-dev.8.0
1.21.0-dev.9.0
1.21.1
1.22.0
1.22.0-dev.0.0
1.22.0-dev.1.0
1.22.0-dev.10.0
1.22.0-dev.10.1
1.22.0-dev.10.2
1.22.0-dev.10.3
1.22.0-dev.10.4
1.22.0-dev.10.5
1.22.0-dev.10.6
1.22.0-dev.10.7
1.22.0-dev.2.0
1.22.0-dev.3.0
1.22.0-dev.4.0
1.22.0-dev.5.0
1.22.0-dev.6.0
1.22.0-dev.7.0
1.22.0-dev.8.0
1.22.0-dev.9.0
1.22.0-dev.9.1
1.22.1
1.23.0
1.23.0-dev.0.0
1.23.0-dev.1.0
1.23.0-dev.10.0
1.23.0-dev.11.0
1.23.0-dev.11.1
1.23.0-dev.11.10
1.23.0-dev.11.11
1.23.0-dev.11.2
1.23.0-dev.11.3
1.23.0-dev.11.4
1.23.0-dev.11.5
1.23.0-dev.11.6
1.23.0-dev.11.7
1.23.0-dev.11.8
1.23.0-dev.2.0
1.23.0-dev.3.0
1.23.0-dev.4.0
1.23.0-dev.5.0
1.23.0-dev.6.0
1.23.0-dev.7.0
1.23.0-dev.8.0
1.23.0-dev.9.0
1.23.0-dev.9.1
1.23.0-dev.9.2
1.24.0
1.24.0-dev.0.0
1.24.0-dev.1.0
1.24.0-dev.2.0
1.24.0-dev.3.0
1.24.0-dev.4.0
1.24.0-dev.4.1
1.24.0-dev.4.2
1.24.0-dev.5.0
1.24.0-dev.6.0
1.24.0-dev.6.1
1.24.0-dev.6.2
1.24.0-dev.6.4
1.24.0-dev.6.5
1.24.0-dev.6.6
1.24.0-dev.6.7
1.24.0-dev.6.8
1.24.0-dev.6.9
1.24.1
1.24.2
1.24.3
1.25.0-dev.0.0
1.25.0-dev.1.0
1.25.0-dev.10.0
1.25.0-dev.11.0
1.25.0-dev.12.0
1.25.0-dev.13.0
1.25.0-dev.14.0
1.25.0-dev.15.0
1.25.0-dev.16.0
1.25.0-dev.16.1
1.25.0-dev.16.2
1.25.0-dev.16.3
1.25.0-dev.16.4
1.25.0-dev.2.0
1.25.0-dev.2.1
1.25.0-dev.3.0
1.25.0-dev.4.0
1.25.0-dev.5.0
1.25.0-dev.6.0
1.25.0-dev.7.0
1.25.0-dev.8.0
1.25.0-dev.9.0
2.*
2.0.0
2.0.0-dev.0.0
2.0.0-dev.0.1
2.0.0-dev.1.0
2.0.0-dev.10.0
2.0.0-dev.11.0
2.0.0-dev.12.0
2.0.0-dev.13.0
2.0.0-dev.14.0
2.0.0-dev.15.0
2.0.0-dev.16.0
2.0.0-dev.17.0
2.0.0-dev.18.0
2.0.0-dev.19.0
2.0.0-dev.2.0
2.0.0-dev.20.0
2.0.0-dev.21.0
2.0.0-dev.22.0
2.0.0-dev.23.0
2.0.0-dev.24.0
2.0.0-dev.25.0
2.0.0-dev.26.0
2.0.0-dev.27.0
2.0.0-dev.28.0
2.0.0-dev.29.0
2.0.0-dev.3.0
2.0.0-dev.30.0
2.0.0-dev.31.0
2.0.0-dev.32.0
2.0.0-dev.33.0
2.0.0-dev.34.0
2.0.0-dev.35
2.0.0-dev.36.0
2.0.0-dev.37.0
2.0.0-dev.38.0
2.0.0-dev.39.0
2.0.0-dev.4.0
2.0.0-dev.40.0
2.0.0-dev.41.0
2.0.0-dev.42.0
2.0.0-dev.43.0
2.0.0-dev.44.0
2.0.0-dev.45.0
2.0.0-dev.46.0
2.0.0-dev.47.0
2.0.0-dev.48.0
2.0.0-dev.49.0
2.0.0-dev.5.0
2.0.0-dev.50.0
2.0.0-dev.51.0
2.0.0-dev.52.0
2.0.0-dev.53.0
2.0.0-dev.54.0
2.0.0-dev.55.0
2.0.0-dev.56.0
2.0.0-dev.57.0
2.0.0-dev.58.0
2.0.0-dev.59.0
2.0.0-dev.6.0
2.0.0-dev.60.0
2.0.0-dev.61.0
2.0.0-dev.62.0
2.0.0-dev.63.0
2.0.0-dev.64.0
2.0.0-dev.64.1
2.0.0-dev.65.0
2.0.0-dev.66.0
2.0.0-dev.67.0
2.0.0-dev.68.0
2.0.0-dev.69.0
2.0.0-dev.69.1
2.0.0-dev.69.2
2.0.0-dev.69.3
2.0.0-dev.69.4
2.0.0-dev.69.5
2.0.0-dev.7.0
2.0.0-dev.8.0
2.0.0-dev.9.0
2.1.0
2.1.0-dev.0.0
2.1.0-dev.1.0
2.1.0-dev.2.0
2.1.0-dev.3.0
2.1.0-dev.3.1
2.1.0-dev.4.0
2.1.0-dev.5.0
2.1.0-dev.6.0
2.1.0-dev.7.0
2.1.0-dev.7.1
2.1.0-dev.8.0
2.1.0-dev.9.0
2.1.0-dev.9.1
2.1.0-dev.9.2
2.1.0-dev.9.3
2.1.0-dev.9.4
2.1.1
2.1.1-dev.0.0
2.1.1-dev.0.1
2.1.1-dev.1.0
2.1.1-dev.2.0
2.1.1-dev.3.0
2.1.1-dev.3.1
2.1.1-dev.3.2
2.1.2-dev.0.0
2.2.0
2.2.0-dev.0.0
2.2.0-dev.1.0
2.2.0-dev.1.1
2.2.0-dev.2.0
2.2.0-dev.2.1
2.2.1-dev.0.0
2.2.1-dev.1.0
2.2.1-dev.1.1
2.2.1-dev.2.0
2.2.1-dev.2.1
2.2.1-dev.3.0
2.2.1-dev.3.1
2.2.1-dev.4.0
2.2.1-dev.4.1
2.2.1-dev.4.2
2.3.0
2.3.0-dev.0.0
2.3.0-dev.0.1
2.3.0-dev.0.2
2.3.0-dev.0.3
2.3.0-dev.0.4
2.3.0-dev.0.5
2.3.1
2.3.1-dev.0.0
2.3.2
2.3.2-dev.0.0
2.3.2-dev.0.1
2.3.3-dev.0.0
2.4.0
2.4.0-dev.0.0
2.4.0-dev.0.1
2.4.1
2.5.0
2.5.0-dev.0.0
2.5.0-dev.1.0
2.5.0-dev.2.0
2.5.0-dev.2.1
2.5.0-dev.3.0
2.5.0-dev.4.0
2.5.1
2.5.2
2.6.0
2.6.0-dev.0.0
2.6.0-dev.1.0
2.6.0-dev.2.0
2.6.0-dev.3.0
2.6.0-dev.4.0
2.6.0-dev.5.0
2.6.0-dev.6.0
2.6.0-dev.7.0
2.6.0-dev.8.0
2.6.0-dev.8.1
2.6.0-dev.8.2
2.6.1
2.7.0
2.7.0-dev.0.0
2.7.0-dev.1.0
2.7.0-dev.2.0
2.7.0-dev.2.1
2.7.1
analyzer-0.*
analyzer-0.31.0
analyzer-0.31.0+1
analyzer-0.31.1
analyzer-0.31.2-alpha.0
analyzer-0.31.2-alpha.1
analyzer-0.31.2-alpha.2
analyzer-0.32.0
analyzer-0.32.4
analyzer-0.33.0
Other
merge_analyzer_branch

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8923.json"