Search
Find a vulnerability
Search criteria
2 vulnerabilities found for php_css_parser by sabberworm
CVE-2020-13756 (GCVE-0-2020-13756)
Vulnerability from nvd – Published: 2020-06-03 13:46 – Updated: 2025-11-03 17:30
VLAI
Summary
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/sabberworm/PHP-CSS-Parser/comm… | x_refsource_MISC |
| https://github.com/sabberworm/PHP-CSS-Parser/rele… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Jun/7 | x_refsource_MISC |
| http://packetstormsecurity.com/files/157923/Sabbe… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:30:46.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T17:06:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4",
"refsource": "MISC",
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"name": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1",
"refsource": "MISC",
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"name": "http://seclists.org/fulldisclosure/2020/Jun/7",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"name": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13756",
"datePublished": "2020-06-03T13:46:56.000Z",
"dateReserved": "2020-06-01T00:00:00.000Z",
"dateUpdated": "2025-11-03T17:30:46.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-13756 (GCVE-0-2020-13756)
Vulnerability from cvelistv5 – Published: 2020-06-03 13:46 – Updated: 2025-11-03 17:30
VLAI
Summary
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/sabberworm/PHP-CSS-Parser/comm… | x_refsource_MISC |
| https://github.com/sabberworm/PHP-CSS-Parser/rele… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Jun/7 | x_refsource_MISC |
| http://packetstormsecurity.com/files/157923/Sabbe… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:30:46.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T17:06:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4",
"refsource": "MISC",
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"name": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1",
"refsource": "MISC",
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"name": "http://seclists.org/fulldisclosure/2020/Jun/7",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
},
{
"name": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13756",
"datePublished": "2020-06-03T13:46:56.000Z",
"dateReserved": "2020-06-01T00:00:00.000Z",
"dateUpdated": "2025-11-03T17:30:46.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}