CVE-2021-22540

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-22540
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22540.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22540
Related
  • GHSA-3rfv-4jvg-9522
Published
2021-04-22T15:15:07Z
Modified
2025-01-08T10:38:18.827532Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Bad validation logic in Dart SDK versions prior to 2.12.3 allows an attacker to perform an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

References

Affected packages

Git / github.com/dart-lang/sdk

Affected ranges

Type
GIT
Repo
https://github.com/dart-lang/sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

analyzer-0.*

analyzer-0.31.0
analyzer-0.31.0+1
analyzer-0.31.1
analyzer-0.31.2-alpha.0
analyzer-0.31.2-alpha.1
analyzer-0.31.2-alpha.2
analyzer-0.32.0
analyzer-0.32.4
analyzer-0.33.0

Other

merge_analyzer_branch

meta-v1.*

meta-v1.3.0-nullsafety.1
meta-v1.3.0-nullsafety.2