GHSA-phrq-v4q2-hmq6

Source

https://github.com/advisories/GHSA-phrq-v4q2-hmq6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-phrq-v4q2-hmq6

Aliases

CVE-2020-13756

Published

2022-03-26T00:15:22Z

Modified

2025-11-03T22:42:04.819611Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()

Details

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

Database specific

{
    "cwe_ids": [
        "CWE-20",
        "CWE-94"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2020-06-03T14:15:12Z",
    "severity": "CRITICAL",
    "github_reviewed_at": "2022-03-26T00:15:22Z"
}

References

Affected packages

Packagist

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.3.0

Fixed

8.3.1

Affected versions

8.*

8.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.2.0

Fixed

8.2.1

Affected versions

8.*

8.2.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.1.0

Fixed

8.1.1

Affected versions

8.*

8.1.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.0.1

Affected versions

8.*

8.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.0.4

Affected versions

7.*

7.0.0

7.0.1

7.0.2

7.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.2

Affected versions

6.*

6.0.0

6.0.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2.0

Fixed

5.2.1

Affected versions

5.*

5.2.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.1.0

Fixed

5.1.3

Affected versions

5.*

5.1.0

5.1.1

5.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Fixed

5.0.9

Affected versions

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.1

Affected versions

3.*

3.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.1

Affected versions

2.*

2.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"

sabberworm/php-css-parser

Package

Name: sabberworm/php-css-parser
Purl: pkg:composer/sabberworm/php-css-parser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.1

Affected versions

1.*

1.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-phrq-v4q2-hmq6/GHSA-phrq-v4q2-hmq6.json"