CVE-2021-22540

Published: Apr 22, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

Vendor	Product	Versions
Google LLC	Dart SDK	affected `stable - < 2.12.3`

Weaknesses (CWE)

CWE-79

References

https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522

x_refsource_CONFIRM

https://github.com/dart-lang/sdk/commit/ce5a1c2392debce967415d4c09359ff2555e3588

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-22540

Description

Affected Products

Weaknesses (CWE)

References