Description
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
References
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Mailing List, Third Party Advisory
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 8.3.1 (exclusive)
cpe:2.3:a:sabberworm:php_css_parser:*:*:*:*:*:*:*:*
EPSS: 0.21413 (Medium), percentile: 96%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses: CWE-94
Related vulnerabilities
CVSS3: 9.8
ubuntu
more than 5 years ago
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
CVSS3: 9.8
debian
more than 5 years ago
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...
CVSS3: 9.8
github
almost 4 years ago
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()