Please clarify state of code injection vulnerability CVE-2020-13756
hannob opened this issue · comments
I got a warning from a security scan about CVE-2020-13756 in PHP-CSS-Parser.
According to this advisory
it affects "Sabberworm PHP CSS Parser before 8.3.1", but the latest version is 8.3.0.
Is this an unfixed vulnerability?
There are fixes available for every major release, as this list from https://packagist.org/packages/sabberworm/php-css-parser shows:
I hope this answers your question.