Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

flutter

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2024-54462
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-2.1||LOW
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-29 Jan, 2025 | 11:52
Updated-30 Jul, 2025 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsanitized Filenames in Flutter package image_picker_android Allow File Overwrites

The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.8.12+18. It is recommended to update to the latest version of image_picker_android that contains the changes to address this vulnerability.

Action-Not Available
Vendor-flutterFlutter
Product-image_picker_androidimage_picker_android
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2024-54461
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-2.1||LOW
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-29 Jan, 2025 | 11:51
Updated-30 Jul, 2025 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites

The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability.

Action-Not Available
Vendor-flutterFlutter
Product-file_selector_androidfile_selector_android
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2022-3095
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.50%
||
7 Day CHG+0.03%
Published-27 Oct, 2022 | 00:00
Updated-21 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect parsing of the backslash characters in Dart library

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.

Action-Not Available
Vendor-dartflutterGoogle LLC
Product-flutterdart_software_development_kitDart
CWE ID-CWE-20
Improper Input Validation