Base Score

CRITICAL9.8

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

VectorNETWORK

Published Bycve@mitre.org

Published DateJun 03, 2020, 14:15

Affected Versions(13)

sabberworm/php-css-parser(Packagist)

Introduced8.3.0

Fixed8.3.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced8.2.0

Fixed8.2.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced8.1.0

Fixed8.1.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced8.0.0

Fixed8.0.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced7.0.0

Fixed7.0.4

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced6.0.0

Fixed6.0.2

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced5.2.0

Fixed5.2.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced5.1.0

Fixed5.1.3

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced5.0.0

Fixed5.0.9

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced4.0.0

Fixed4.0.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced3.0.0

Fixed3.0.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced2.0.0

Fixed2.0.1

LimitN/A

sabberworm/php-css-parser(Packagist)

Introduced1.0.0

Fixed1.0.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
sabberworm/php-css-parser(Packagist)	8.3.0	8.3.1	N/A
sabberworm/php-css-parser(Packagist)	8.2.0	8.2.1	N/A
sabberworm/php-css-parser(Packagist)	8.1.0	8.1.1	N/A
sabberworm/php-css-parser(Packagist)	8.0.0	8.0.1	N/A
sabberworm/php-css-parser(Packagist)	7.0.0	7.0.4	N/A
sabberworm/php-css-parser(Packagist)	6.0.0	6.0.2	N/A
sabberworm/php-css-parser(Packagist)	5.2.0	5.2.1	N/A
sabberworm/php-css-parser(Packagist)	5.1.0	5.1.3	N/A
sabberworm/php-css-parser(Packagist)	5.0.0	5.0.9	N/A
sabberworm/php-css-parser(Packagist)	4.0.0	4.0.1	N/A
sabberworm/php-css-parser(Packagist)	3.0.0	3.0.1	N/A
sabberworm/php-css-parser(Packagist)	2.0.0	2.0.1	N/A
sabberworm/php-css-parser(Packagist)	1.0.0	1.0.1	N/A

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

Package (Ecosystem)

Introduced

Fixed

Limit

sabberworm/php-css-parser(Packagist)

8.3.0

8.3.1

N/A

sabberworm/php-css-parser(Packagist)

8.2.0

8.2.1

N/A

sabberworm/php-css-parser(Packagist)

8.1.0

8.1.1

N/A

sabberworm/php-css-parser(Packagist)

8.0.0

8.0.1

N/A

sabberworm/php-css-parser(Packagist)

7.0.0

7.0.4

N/A

sabberworm/php-css-parser(Packagist)

6.0.0

6.0.2

N/A

sabberworm/php-css-parser(Packagist)

5.2.0

5.2.1

N/A

sabberworm/php-css-parser(Packagist)

5.1.0

5.1.3

N/A

sabberworm/php-css-parser(Packagist)

5.0.0

5.0.9

N/A

sabberworm/php-css-parser(Packagist)

4.0.0

4.0.1

N/A

sabberworm/php-css-parser(Packagist)

3.0.0

3.0.1

N/A

sabberworm/php-css-parser(Packagist)

2.0.0

2.0.1

N/A

sabberworm/php-css-parser(Packagist)

1.0.0

1.0.1

N/A