Summary & Impact
There is an auth bypass vulnerability in the Dart SDK, specifically in the dart:uri core library, used to parse and validate URLs. This library is vulnerable to the backslash trick, wherein backslash is not recognized as equivalent to forward slash in URLs. This incorrect parsing behavior can be used to bypass certain types of URL validation checks. When used in conjunction with the dart:html library, it can lead to more severe issues such as unwanted data disclosure, cross-site scripting, etc.
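
The parser disagreement described above, as an added example that is not part of the advisory or the Dart SDK: a strict RFC 3986 split, used here as an assumed model of a parser that treats `\` as an ordinary character, is compared with the WHATWG URL parser that browsers use. The helper `isAllowedUrl` is hypothetical and rejects any input the two parsers read differently; the host names are constructed samples.

```javascript
// Added example: models the parser differential; not Dart SDK code.
// RFC 3986 Appendix B split: scheme, authority, path, query, fragment.
const RFC3986 = /^(?:([^:/?#]+):)?(?:\/\/([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?$/;

// Host as seen by a strict RFC 3986 split, where "\" is an ordinary character.
function strictHost(input) {
  const m = RFC3986.exec(input);
  if (!m || m[2] === undefined) return null;
  const hostPort = m[2].slice(m[2].lastIndexOf('@') + 1); // drop userinfo
  return hostPort.replace(/:\d*$/, '').toLowerCase();     // drop port
}

// Host as seen by the WHATWG URL parser, which treats "\" as "/" for http(s).
function browserHost(input) {
  try {
    return new URL(input).hostname;
  } catch {
    return null;
  }
}

// Hardened allow-list check (hypothetical helper).
function isAllowedUrl(input, allowedHosts) {
  // Reject backslash, control characters and whitespace before parsing.
  if (/[\\\u0000-\u0020\u007f]/.test(input)) return false;
  const strict = strictHost(input);
  const browser = browserHost(input);
  // Both parsers must succeed and agree on the host.
  if (strict === null || browser === null || strict !== browser) return false;
  return new URL(input).protocol === 'https:' && allowedHosts.includes(browser);
}

// Constructed sample inputs (reserved .example names).
const ALLOWED = ['allowed.example'];
const SAMPLES = [
  'https://allowed.example/account',
  'https://other.example\\@allowed.example/account',
  'https://other.example/account',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify({
    input: s, strict: strictHost(s), browser: browserHost(s),
    allowed: isAllowedUrl(s, ALLOWED),
  }));
}
```

For the second sample the strict split reports `allowed.example` while the browser parser reports `other.example`, which is why a check built on the first parser alone passes a URL that the browser sends elsewhere.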
Affected platforms & versions
Dart versions prior to 2.18.2
Flutter versions prior to 3.3.3
Mitigations if any
N/A
Workarounds if any
N/A
Remediation options
This issue was recently fixed, and the fix is available in Dart SDK stable hotfix version 2.18.2.
References
Acknowledgments
We thank Sohom Datta, Cryptonite, MIT Manipal for reporting this issue.