4 matches found
CVE-2026-27704
The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...
CVE-2026-27704
The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...
CVE-2026-27704 Dart SDK and Flutter SDK have Zip slip in Dart Pub package extraction
The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...
CVE-2026-27704
The CVE-2026-27704 issue affects the Dart SDKs and Flutter SDKs prior to versions 3.11.0 and 3.41.0, respectively. During package extraction in the pub cache (via dart pub and flutter pub), a malicious package archive could cause files to be written outside the destination directory due to a path...