CVE-2022-0451: CWE-305 Authentication Bypass by Primary Weakness in Google LLC Dart SDK

Medium
Published: Fri Feb 18 2022 (02/18/2022, 13:35:11 UTC)
Source: CVE
Vendor/Project: Google LLC
Product: Dart SDK

Description

Dart SDK contains the HTTPClient in the dart:io library, which includes authorization headers when handling cross-origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with an authorization header and it redirects to an attacker's site, the developer might not expect the attacker's site to receive the authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond.

AI-Powered Analysis

Last updated: 06/20/2025, 13:33:26 UTC

Technical Analysis

CVE-2022-0451 is a security vulnerability identified in the Dart SDK, specifically within the HTTPClient implementation of the dart:io library. The vulnerability arises from the way HTTPClient handles authorization headers during HTTP redirection processes. When an HTTP request includes an authorization header and the server responds with a redirect (3xx status code) to another domain, the HTTPClient by default follows the redirect and forwards the original authorization headers to the redirected URL. This behavior can lead to unintended exposure of sensitive authorization credentials to potentially malicious third-party domains if the redirect points to an attacker-controlled site. The root cause is an authentication bypass due to a primary weakness (CWE-305) where the client does not restrict the forwarding of sensitive headers during cross-origin redirects. This can result in unauthorized disclosure of credentials or tokens embedded in the authorization header. The vulnerability affects versions of the Dart SDK prior to 2.16.0, and the recommended mitigation is to update to version 2.16.0 or later, where this behavior has been corrected to prevent authorization headers from being sent to untrusted redirect destinations. No known exploits have been reported in the wild as of the published date, but the vulnerability poses a risk in scenarios where Dart-based applications make HTTP requests with sensitive authorization headers and follow redirects to external domains.

Potential Impact

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive authentication tokens or credentials in applications developed using the Dart SDK, particularly those that perform HTTP requests involving redirects. This exposure can compromise the confidentiality of user sessions, API keys, or other sensitive data, potentially enabling attackers to impersonate legitimate users or gain unauthorized access to backend services. The integrity of communications may also be affected if attackers use stolen credentials to manipulate data or perform unauthorized actions. Availability impact is less direct but could arise if attackers leverage stolen credentials to disrupt services or escalate privileges. Sectors in Europe relying on Dart for web or mobile applications, especially those handling sensitive personal data or critical infrastructure communications, could face regulatory and reputational consequences under GDPR and other data protection laws if such data leakage occurs. The medium severity rating reflects that exploitation requires a redirect scenario and that the vulnerability primarily affects confidentiality, but the risk is significant given the widespread use of Dart in modern application development.

Mitigation Recommendations

1. Upgrade the Dart SDK to version 2.16.0 or later immediately to ensure the HTTPClient no longer forwards authorization headers to redirected URLs.
2. Review application code to minimize the use of authorization headers in HTTP requests that may be redirected, or explicitly handle redirects to avoid automatic forwarding of sensitive headers.
3. Implement strict validation and whitelisting of redirect URLs within applications to prevent redirects to untrusted or attacker-controlled domains.
4. Employ network-level controls such as web application firewalls (WAFs) to monitor and block suspicious redirect patterns or unauthorized data exfiltration attempts.
5. Conduct security audits and penetration testing focusing on HTTP redirect handling and header management in Dart-based applications.
6. Educate developers on secure HTTP client usage patterns, emphasizing the risks of automatic header forwarding during redirects.
7. Monitor application logs for unusual redirect behaviors or unexpected authorization header transmissions.
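
Recommendation 2 (handling redirects explicitly) can look like the following. This is an added example, not code from the advisory or from the Dart SDK: the names `sameOrigin` and `getWithScopedAuth` are hypothetical, and the two loopback servers and the token in `main` are constructed so the behaviour can be observed offline.

```dart
import 'dart:io';

/// True when [a] and [b] share scheme, host and port.
bool sameOrigin(Uri a, Uri b) =>
    a.scheme == b.scheme && a.host == b.host && a.port == b.port;

/// GETs [start] with [authValue] as the Authorization header, following
/// redirects by hand so the header is only sent to the starting origin.
Future<HttpClientResponse> getWithScopedAuth(
    HttpClient client, Uri start, String authValue,
    {int maxRedirects = 5}) async {
  var url = start;
  for (var hop = 0; hop <= maxRedirects; hop++) {
    final request = await client.getUrl(url);
    request.followRedirects = false; // do not let HttpClient follow redirects
    if (sameOrigin(start, url)) {
      request.headers.set(HttpHeaders.authorizationHeader, authValue);
    }
    final response = await request.close();
    final location = response.headers.value(HttpHeaders.locationHeader);
    if (!response.isRedirect || location == null) return response;
    await response.drain<void>(); // discard the redirect body before next hop
    url = url.resolve(location); // Location may be relative
  }
  throw RedirectException('Too many redirects', const []);
}

Future<void> main() async {
  // Constructed local test: `origin` redirects to `other`, which listens on a
  // different port and is therefore a different origin.
  final other = await HttpServer.bind(InternetAddress.loopbackIPv4, 0);
  final origin = await HttpServer.bind(InternetAddress.loopbackIPv4, 0);
  String? seenByOther;
  other.listen((req) {
    seenByOther = req.headers.value(HttpHeaders.authorizationHeader);
    req.response.close();
  });
  origin.listen((req) =>
      req.response.redirect(Uri.parse('http://127.0.0.1:${other.port}/')));

  final client = HttpClient();
  final response = await getWithScopedAuth(client,
      Uri.parse('http://127.0.0.1:${origin.port}/'), 'Bearer constructed-token');
  await response.drain<void>();
  print('status ${response.statusCode}, '
      'Authorization at redirect target: $seenByOther');
  client.close();
  await other.close();
  await origin.close();
}
```

The same loop is a natural place to enforce the redirect allowlist from recommendation 3, by rejecting any resolved `url` whose host is not on an application-defined list before issuing the next request.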

Technical Details

Data Version: 5.1
Assigner Short Name: Google
Date Reserved: 2022-02-01T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d984bc4522896dcbf7f53

Added to database: 5/21/2025, 9:09:31 AM

Last enriched: 6/20/2025, 1:33:26 PM

Last updated: 7/28/2025, 7:29:43 AM
