Name | CVE-2020-13756 |
Description | Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 1104702 |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Notes
https://github.com/MyIntervals/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
php-horde-css-parser embeds Sabberworm CSS Parser