CVE-2021-22567 - OpenCVE

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dart	Dart Software Development Kit

Configuration 1 [-]

cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md
https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2022-01-05T10:55:11.851542Z

Updated: 2024-09-17T00:10:28.748Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22567

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-05T11:15:08.120

Modified: 2022-01-12T18:43:51.137

Link: CVE-2021-22567

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Dart SDK", "vendor": "Google LLC", "versions": [{"lessThan": "2.15.0-268.18.beta", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-05T10:55:11", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41"}], "source": {"discovery": "INTERNAL"}, "title": "Bidirectional Override in Dart SDK", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "DATE_PUBLIC": "2021-11-16T23:00:00.000Z", "ID": "CVE-2021-22567", "STATE": "PUBLIC", "TITLE": "Bidirectional Override in Dart SDK"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Dart SDK", "version": {"version_data": [{"version_affected": "<", "version_value": "2.15.0-268.18.beta"}]}}]}, "vendor_name": "Google LLC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md", "refsource": "MISC", "url": "https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md"}, {"name": "https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41", "refsource": "MISC", "url": "https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:14.038Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41"}]}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2021-22567", "datePublished": "2022-01-05T10:55:11.851542Z", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-09-17T00:10:28.748Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F12093A9-8594-4A7E-853E-2D4C28977D25", "versionEndExcluding": "2.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways."}, {"lang": "es", "value": "El texto Unicode bidireccional puede ser interpretado y compilado de forma diferente a como aparece en los editores, lo que puede ser explotado para conseguir que el c\u00f3digo nefasto pase una revisi\u00f3n de c\u00f3digo aparentando ser benigno. Un atacante podr\u00eda insertar una fuente invisible para un revisor de c\u00f3digo que modifique el comportamiento de un programa de forma no esperada."}], "id": "CVE-2021-22567", "lastModified": "2022-01-12T18:43:51.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2022-01-05T11:15:08.120", "references": [{"source": "cve-coordination@google.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md"}, {"source": "cve-coordination@google.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}