Bidirectional Override in Dart SDK
CVE-2021-22567

4.6MEDIUM

Key Information:

Vendor: Google
Status: Dart Sdk
Vendor: CVE Published:; 5 January 2022

What is CVE-2021-22567?

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.

Affected Version(s)

Dart SDK < 2.15.0-268.18.beta

References

https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md

x_refsource_MISC

https://github.com/dart-lang/sdk/commit/52519ea8eb4780c46...

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2022
Vulnerability Reserved
Jan 5, 2021

Google

What is CVE-2021-22567?

Affected Version(s)

References

CVSS V3.1

Timeline