https://blog.qife122.com/tags/dio/ Recent content in Dio on 办公AI智能小助手 Hugo zh-cn qife Wed, 03 Dec 2025 00:05:59 +0800 https://blog.qife122.com/p/%E8%AD%A6%E6%83%95dio%E5%BA%93%E7%9A%84crlf%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%BD%B1%E5%93%8Dhttp%E8%AF%B7%E6%B1%82%E5%AE%89%E5%85%A8/ Wed, 03 Dec 2025 00:05:59 +0800 https://blog.qife122.com/p/%E8%AD%A6%E6%83%95dio%E5%BA%93%E7%9A%84crlf%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%BD%B1%E5%93%8Dhttp%E8%AF%B7%E6%B1%82%E5%AE%89%E5%85%A8/ <h2 id="漏洞详情">漏洞详情</h2> <p><strong>重复公告</strong> 此公告已被撤回，因为它是GHSA-9324-jv53-9cc8的重复公告。保留此链接是为了维护外部引用。</p> <p><strong>原始描述</strong> Dart的dio包在5.0.0之前的版本中，如果攻击者控制了HTTP方法字符串，则允许CRLF注入。此漏洞与CVE-2020-35669不同。</p>