[GHSA-9324-jv53-9cc8] dio vulnerable to CRLF injection with HTTP method string #4442

Closed


@hamde33 hamde33 commented May 18, 2024

Updates

  • Affected products

Comments
Reference links:
CVE-2021-31402: This is the identifier of the vulnerability in the NVD database.
OSV - Open Source Vulnerabilities: Provides additional information about the vulnerability and the fix.
Issue #1752: Contains discussion and updates regarding the vulnerability and its fix in the project's GitHub repository.
Code commit:
Commit cfug/dio@927f79e: Describes the specific change made to fix the vulnerability and can be used as a reference for technical details.
Broader context:
You can search for other posts and discussions in the project's GitHub repository (such as Issue #1130) to get more context and information regarding the vulnerability and the fix.

@github
Collaborator

github commented May 18, 2024

Hi there @AlexV525! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.

@github-actions github-actions bot changed the base branch from main to hamde33/advisory-improvement-4442 May 18, 2024 05:53
@AlexV525

What is the point of changing the modified date? What data does the field rely on?

@hamde33
Author

hamde33 commented May 19, 2024

I executed the application on the Linux system and it worked without showing any error. The problem is that when installing the Java project, I changed the version of the buckets, which led to a problem in the rest of the applications.

@hamde33 hamde33 closed this May 19, 2024
@github-actions github-actions bot deleted the hamde33-GHSA-9324-jv53-9cc8 branch May 19, 2024 05:46
@AlexV525

Not sure if the CVE has anything to do with your applications. It's a Dart dependency.

@hamde33
Author

hamde33 commented May 21, 2024

No, to fix the previous error, delete the cache file and restore the old version of Flutter.
