CVE Dio 5.0.3 | Google OVS Scanner #1752

Closed
set0x opened this issue Mar 21, 2023 · 3 comments
Labels
fixed p: dio Targeting `dio` package p: ecosystem Targeting packages that's under the dio's ecosystem valuable The issue or the fix means a lot to the library.

set0x commented Mar 21, 2023

Package

dio

Version

5.0.3

Output of flutter doctor -v

No response

Dart Version

2.19.4

Steps to Reproduce

Execute the scanner in a Flutter project with a dio 5.0.3 dependency.

```
osv-scanner .
```

You can use the Docker image from the project.

Expected Result

Empty response from scanner.

Actual Result

```
+-------------------------------------+-----------+---------+---------+--------------+
| OSV URL (ID IN BOLD)                | ECOSYSTEM | PACKAGE | VERSION | SOURCE       |
+-------------------------------------+-----------+---------+---------+--------------+
| https://osv.dev/GHSA-jwpw-q68h-r678 | Pub       | dio     | 5.0.3   | pubspec.lock |
+-------------------------------------+-----------+---------+---------+--------------+
```

@set0x set0x added h: need triage This issue needs to be categorized s: bug Something isn't working labels Mar 21, 2023
@AlexV525
Member

#1130 has been resolved in 927f79e already according to dart-lang/sdk@6abb6e5. What should we do next?

@AlexV525
Member

I've sent a request and we'll see if any further steps are required.

@AlexV525 AlexV525 added h: need extra help Extra help is needed p: dio Targeting `dio` package and removed h: need triage This issue needs to be categorized s: bug Something isn't working labels Mar 21, 2023
@AlexV525
Member

The OSV should no longer report the vulnerability.

@AlexV525 AlexV525 added the fixed label Jun 16, 2023
@AlexV525 AlexV525 added p: ecosystem Targeting packages that's under the dio's ecosystem valuable The issue or the fix means a lot to the library. and removed h: need extra help Extra help is needed labels Apr 3, 2024