Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio

Duplicate advisory This advisory has been withdrawn because it is a duplicate of GHSA-9324-jv53-9cc8. This link is maintained to preserve external references. Original Description The dio package prior to 5.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a...

PT-2020-17383 · Dart · Http Package

Name of the Vulnerable Software and Affected Versions: http package versions 0.12.2 and earlier http package versions prior to 0.13.3 Description: An issue was discovered in the http package for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to...