Description
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | released | 1.0.11-1ubuntu1+esm1 |
| esm-apps/xenial | released | 1.0.8-1ubuntu1+esm1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needed | |
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
CVSS3: 9.8
nvd
more than 5 years ago
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
CVSS3: 9.8
debian
more than 5 years ago
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...
CVSS3: 9.8
github
almost 4 years ago
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()