The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2022-10-27T00:00:00

Updated: 2024-08-03T01:00:10.279Z

Reserved: 2022-09-02T00:00:00

Link: CVE-2022-3095

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-10-27T16:15:09.600

Modified: 2022-10-31T16:20:17.840

Link: CVE-2022-3095

cve-icon Redhat

No data.