Please clarify state of code injection vulnerability CVE-2020-13756
hannob opened this issue
Hanno Böck commented
I got a warning from a security scan about CVE-2020-13756 in PHP-CSS-Parser.
According to this advisory
https://packetstormsecurity.com/files/cve/CVE-2020-13756
it affects "Sabberworm PHP CSS Parser before 8.3.1", but the latest version is 8.3.0.
Is this an unfixed vulnerability?
Raphael Schweikert commented
There are fixes available for every major release, as this list from https://packagist.org/packages/sabberworm/php-css-parser shows:
Raphael Schweikert commented
I hope this answers your question.