Impact
The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.
Patches
The vulnerability has been resolved by 927f79e, and the fix has been included since v5.0.0.
Workarounds
Cherry-picking the commit into your own fork also resolves the vulnerability.
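Where the method string can come from outside the application, it can also be checked on the caller's side before it reaches the HTTP client. The following is an added example, not code from dio or from commit 927f79e; the function name `checkedMethod`, the allow-list and the sample inputs are assumptions made for illustration.

```dart
// Added example (not dio's code): validate an externally supplied HTTP method
// before handing it to an HTTP client such as dio.

/// RFC 7230 "token" characters, the only ones a method name may contain.
/// CR, LF, space and ':' are all outside this set.
final RegExp _httpToken = RegExp(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$");

/// Methods this (hypothetical) application actually needs.
const Set<String> allowedMethods = {
  'GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS',
};

/// Returns the normalized method, or throws [FormatException] if the input
/// is not a syntactically valid token or is not on the allow-list.
String checkedMethod(String untrusted) {
  if (!_httpToken.hasMatch(untrusted)) {
    throw const FormatException('HTTP method contains non-token characters');
  }
  final method = untrusted.toUpperCase();
  if (!allowedMethods.contains(method)) {
    throw FormatException('HTTP method is not allowed', method);
  }
  return method;
}

void main() {
  // Constructed sample inputs: two valid methods, one containing CR LF,
  // and one well-formed token that is not on the allow-list.
  final samples = ['get', 'DELETE', 'GET\r\nX-Injected: 1', 'BREW'];
  for (final s in samples) {
    try {
      print('accepted: ${checkedMethod(s)}');
    } on FormatException catch (e) {
      // Print only the message so control characters never reach the log.
      print('rejected: ${e.message}');
    }
  }
}
```

The value returned by `checkedMethod` is what would then be passed as the request method, for example through dio's `Options(method: ...)`.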
References