Home > Vulnerability Database > CVE-2020-35669

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2020-35669

Date: December 23, 2020

An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.

Language: C

Severity Score

6.1

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-35669

Url: https://github.com/dart-lang/http

Url: https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133

Url: https://pub.dev/packages/http/changelog#0133

Url: https://github.com/dart-lang/http/issues/511

Url: https://github.com/dart-lang/http/pull/512

Url: https://github.com/dart-lang/http/commit/abb2bb182fbd7f03aafd1f889b902d7b3bdb8769

Url: https://www.mend.io/vulnerability-database/CVE-2020-35669

Severity Score

6.1

Weakness Type (CWE)

Injection

CWE-74

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us