Please clarify state of code injection vulnerability CVE-2020-13756

Question

hannob opened this issue 4 years ago · comments

I got a warning from a security scan about CVE-2020-13756 in PHP-CSS-Parser.

According to this advisory
https://packetstormsecurity.com/files/cve/CVE-2020-13756
it affects "Sabberworm PHP CSS Parser before 8.3.1", but the latest version is 8.3.0.

Is this an unfixed vulnerability?

Raphael Schweikert · Answer 1 · Tue Nov 03 2020 00:15:27 GMT+0800 (China Standard Time)

There are fixes available for every major release, as this list from https://packagist.org/packages/sabberworm/php-css-parser shows:

Raphael Schweikert · Answer 2 · Tue Nov 03 2020 00:15:55 GMT+0800 (China Standard Time)

I hope this answers your question.