github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

[GHSA-9324-jv53-9cc8] dio vulnerable to CRLF injection with HTTP method string #4442

Closed hamde33 closed 2 months ago

hamde33 commented 2 months ago

Updates

Comments

Reference links:
CVE-2021-31402: This is the identifier of the vulnerability in the NVD database.
OSV - Open Source Vulnerabilities: Provides additional information about the vulnerability and the fix.
Issue #1752: Contains discussion and updates regarding the vulnerability and its fix in the project's GitHub repository.

Code commit:
Commit cfug/dio@927f79e: Describes the specific change made to fix the vulnerability and can be used as a reference for technical details.

Broader context:
You can search for other posts and discussions in the project's GitHub repository (such as Issue #1130) to get more context and information regarding the vulnerability and the fix.

github commented 2 months ago

Hi there @AlexV525! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.

AlexV525 commented 2 months ago

What is the point of changing the modified date? What data does the field rely on?

hamde33 commented 2 months ago

I executed the application on the Linux system and it worked without showing any error. The problem is that when installing the Java project, I changed the version of the buckets, which led to a problem in the rest of the applications.

AlexV525 commented 2 months ago

Not sure if the CVE has anything to do with your applications. It's a Dart dependency.

hamde33 commented 2 months ago

No, to fix the previous error, delete the cache file and restore the old version of Flutter.