GHSA-phrq-v4q2-hmq6

Suggest an improvement
Source
https://github.com/advisories/GHSA-phrq-v4q2-hmq6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-phrq-v4q2-hmq6
Aliases
Published
2022-03-26T00:15:22Z
Modified
2023-11-01T04:51:48.190883Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Details

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

Database specific 
{
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "severity": "CRITICAL",
    "nvd_published_at": null,
    "github_reviewed_at": "2022-03-26T00:15:22Z"
}
References

Affected packages

Packagist

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.3.0
Fixed
8.3.1

Affected versions

8.*

8.3.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.2.0
Fixed
8.2.1

Affected versions

8.*

8.2.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1.0
Fixed
8.1.1

Affected versions

8.*

8.1.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.0.1

Affected versions

8.*

8.0.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.4

Affected versions

7.*

7.0.0
7.0.1
7.0.2
7.0.3

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.2

Affected versions

6.*

6.0.0
6.0.1

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.2.1

Affected versions

5.*

5.2.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.1.0
Fixed
5.1.3

Affected versions

5.*

5.1.0
5.1.1
5.1.2

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.0.9

Affected versions

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.1

Affected versions

4.*

4.0.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.1

Affected versions

3.*

3.0.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.1

Affected versions

2.*

2.0.0

sabberworm/php-css-parser

Package

Name
sabberworm/php-css-parser
Purl
pkg:composer/sabberworm/php-css-parser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.1

Affected versions

1.*

1.0.0