Home > Vulnerability Database > CVE-2020-35669

Mend.io Vulnerability Database

CVE-2020-35669

Date: December 23, 2020

An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.

Language: C

Severity Score

6.1

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-35669

Url: https://github.com/dart-lang/http

Url: https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133

Url: https://pub.dev/packages/http/changelog#0133

Url: https://github.com/dart-lang/http/issues/511

Url: https://github.com/dart-lang/http/pull/512

Url: https://github.com/dart-lang/http/commit/abb2bb182fbd7f03aafd1f889b902d7b3bdb8769

Url: https://www.mend.io/vulnerability-database/CVE-2020-35669

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-35669

Date: December 23, 2020

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?