Vulnerability Description
Bidirectional Unicode text can be interpreted and compiled differently from how it appears in editors, which can be exploited to get nefarious code past a code review by making it appear benign. An attacker could embed source text that is invisible to a code reviewer and that modifies the behavior of a program in unexpected ways.
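A reviewer-side check for the issue described above, as an added example (not code from the Dart SDK or its patch): it reports every Unicode bidirectional control character in a source text and flags lines that leave an embedding, override or isolate open. The character set follows the Unicode Bidirectional Algorithm (UAX #9); `SAMPLE`, `scan_source` and `unterminated_lines` are names made up for this example, and the sample input is constructed.

```python
import unicodedata

# Bidirectional formatting characters defined by UAX #9.
EMBEDS = {"\u202a", "\u202b", "\u202d", "\u202e"}  # LRE, RLE, LRO, RLO (closed by PDF)
ISOLATES = {"\u2066", "\u2067", "\u2068"}          # LRI, RLI, FSI (closed by PDI)
PDF, PDI = "\u202c", "\u2069"
MARKS = {"\u200e", "\u200f", "\u061c"}             # LRM, RLM, ALM
BIDI = EMBEDS | ISOLATES | MARKS | {PDF, PDI}

# Constructed sample (not from any real project): line 2 leaves two controls
# open inside a comment, line 3 holds a properly closed isolate in a string.
SAMPLE = (
    "void main() {\n"
    "  var role = 'user'; // \u202e note \u2066\n"
    "  print('\u2067label\u2069');\n"
    "}\n"
)

def scan_source(text):
    """Return (line, column, 'U+XXXX NAME') for each bidi control, 1-based."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI:
                findings.append((lineno, col, f"U+{ord(ch):04X} {unicodedata.name(ch)}"))
    return findings

def unterminated_lines(text):
    """Return line numbers that end with an embedding, override or isolate open."""
    bad = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stack = []
        for ch in line:
            if ch in EMBEDS or ch in ISOLATES:
                stack.append(ch)
            elif ch == PDF and stack and stack[-1] in EMBEDS:
                stack.pop()  # PDF closes only an embedding/override on top
            elif ch == PDI and any(c in ISOLATES for c in stack):
                while stack.pop() not in ISOLATES:
                    pass     # PDI also closes embeddings opened inside the isolate
        if stack:
            bad.append(lineno)
    return bad

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(*finding)
    print("unterminated lines:", unterminated_lines(SAMPLE))
```

Run over the files in a change set, any finding outside an expected localisation string is worth a manual look in a viewer that renders control characters visibly.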
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dart | Dart Software Development Kit | < 2.15.0 |
Related Weaknesses (CWE)
References
- https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md (Release Notes, Third Party Advisory)
- https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-22567?
CVE-2021-22567 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Bidirectional Unicode text can be interpreted and compiled differently from how it appears in editors, which can be exploited to get nefarious code past a code review by making it appear benign. An attacker...
How severe is CVE-2021-22567?
CVE-2021-22567 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-22567?
Check the references section above for vendor advisories and patch information. Affected products include: Dart Dart Software Development Kit.