CVE-2020-13756

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-13756
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13756.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13756
Aliases
Downstream
Published
2020-06-03T14:15:12.703Z
Modified
2026-03-14T10:06:27.502660Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

References

Affected packages

Git / github.com/myintervals/php-css-parser

Affected ranges

Type
GIT
Repo
https://github.com/myintervals/php-css-parser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
Fixed
d217848e1396ef962fb1997cf3e2421acba7f796
Type
GIT
Repo
https://github.com/sabberworm/php-css-parser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d217848e1396ef962fb1997cf3e2421acba7f796
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.3.1"
        }
    ]
}

Affected versions

0.*
0.9.0
1.*
1.0.0
1.0.1
2.*
2.0.0
2.0.1
3.*
3.0.0
3.0.1
4.*
4.0.0
4.0.1
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
6.*
6.0.0
6.0.1
6.0.2
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.2.0
8.2.1
8.3.0
v0.*
v0.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13756.json"