CVE-2021-22540 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Cross-site scripting
Description	Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use a cross-site scripting (XSS) attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1859	dart	2.12.2-1	2.12.3-1	Medium	Fixed

References
https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522 https://github.com/dart-lang/sdk/commit/a322d21bd8f620e558d6cfaf1a60fb8c7a0172d1