PT-2022-20404 · Google · Dart+1

Published: 2022-10-27 · Updated: 2022-10-31 · CVE-2022-3095

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dart versions prior to 2.18
Flutter versions prior to 3.30

Description

The implementation of backslash parsing in the Dart URI class differs from the WHATWG URL standard, as it uses the RFC 3986 syntax. This creates incompatibilities with the '\' character in URIs, which can lead to authentication bypass in web applications interpreting URIs.

Recommendations

For Dart versions prior to 2.18, update Dart to version 2.18 or later to mitigate the issue.
For Flutter versions prior to 3.30, update Flutter to version 3.30 or later to mitigate the issue.
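
The parser mismatch described above can be caught at validation time. The following is an added example, not code from the advisory or the Dart SDK: it derives the host once with the RFC 3986 Appendix B regular expression and once with a WHATWG parser (the JavaScript `URL` class), and accepts a URL only when it contains no backslash, both parsers agree, and the host is allowlisted. The function names and the `trusted.example` / `other.example` hosts are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed inputs.
// RFC 3986 Appendix B regex: splits a URI reference into its components.
const RFC3986 = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;

// Host as a strict RFC 3986 parser sees it: "\" is an ordinary character,
// so the authority runs up to the first "/", "?" or "#".
function rfc3986Host(input) {
  const authority = RFC3986.exec(input)[4];
  if (authority === undefined) return null;          // no "//authority" part
  const hostPort = authority.slice(authority.lastIndexOf("@") + 1); // drop userinfo
  return hostPort.replace(/:\d*$/, "").toLowerCase();               // drop port
}

// Host as a WHATWG parser sees it: for http(s), "\" is treated like "/",
// which ends the authority early.
function whatwgHost(input) {
  try {
    return new URL(input).hostname;
  } catch {
    return null;                                     // not an absolute URL
  }
}

// Accept a target only if it has no backslash, both parsers agree on the
// host, and that host is on the allowlist. The reason is returned for logging.
function checkTarget(input, allowedHosts) {
  const rfc = rfc3986Host(input);
  const whatwg = whatwgHost(input);
  const result = (ok, reason) => ({ ok, reason, rfc3986: rfc, whatwg });
  if (input.includes("\\")) return result(false, "backslash");
  if (rfc === null || rfc !== whatwg) return result(false, "parser-disagreement");
  if (!allowedHosts.includes(rfc)) return result(false, "host-not-allowed");
  return result(true, "ok");
}

// Constructed sample inputs.
const allowed = ["trusted.example"];
for (const u of [
  "https://trusted.example/account",
  "https://trusted.example\\@other.example/path",
  "https://other.example/",
]) {
  console.log(JSON.stringify(u), checkTarget(u, allowed));
}
```

Logging both derived hosts alongside the rejection reason makes it visible in application logs when a request carried a URL that the two parsing models read differently.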

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-3095

Affected Products

Dart
Flutter