PT-2020-13657 · Sabberworm+2 · Sabberworm Php Css Parser+2

Sabberworm · Published 2020-06-03 · Updated 2025-10-14 · CVE-2020-13756

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sabberworm PHP CSS Parser versions prior to 8.3.1
php-horde-css-parser version 1.0.8-1ubuntu1+esm1 and earlier

Description

The issue arises when the library parses uncontrolled CSS data and could lead to remote code execution. If allSelectors() or getSelectorsBySpecificity() is called with input from an attacker, code injection can result.

Recommendations

For Sabberworm PHP CSS Parser versions prior to 8.3.1, update to version 8.3.1 or later to fix the vulnerability.

For php-horde-css-parser version 1.0.8-1ubuntu1+esm1 and earlier, run sudo pro fix USN-7502-1 to fix the vulnerability, and update the system to the package version php-horde-css-parser - 1.0.8-1ubuntu1+esm1.

As a temporary workaround, consider disabling the functions allSelectors() or getSelectorsBySpecificity() until a patch is available.
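
A check for the first recommendation, added here as an example and not taken from the advisory or the Sabberworm project: it reads a composer.lock and flags locked releases of the parser below 8.3.1. The Composer package name sabberworm/php-css-parser and the sample lock content are assumptions; the 8.3.1 threshold is the one this advisory states.

```python
import json
import re

# Assumption: Composer package name of the parser (not stated on this page).
PACKAGE = "sabberworm/php-css-parser"
# First fixed release according to this advisory.
FIXED = (8, 3, 1)


def parse_version(raw):
    """Return (major, minor, patch) for a tagged release, else None.

    Branch aliases and pre-releases (dev-master, 8.x-dev, 8.3.1-RC1) return
    None so they are reported for manual review instead of being guessed.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?", raw.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def audit_lock(lock_text):
    """Return [(section, locked_version, status)] for each locked copy."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        # Older lock files may store null instead of an empty list.
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                status = "unknown"
            elif ver < FIXED:
                status = "vulnerable"
            else:
                status = "fixed"
            findings.append((section, raw, status))
    return findings


# Constructed sample lock file content, for illustration only.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "sabberworm/php-css-parser", "version": "8.3.0"},
        {"name": "example/unrelated", "version": "1.0.0"},
    ],
    "packages-dev": None,
})

if __name__ == "__main__":
    for section, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version} ({section}): {status}")
```

An "unknown" result means the lock pins a branch or pre-release; resolve it by checking the locked commit against the fixed release.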

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2020-13756
DLA-4333-1
GHSA-PHRQ-V4Q2-HMQ6
USN-7502-1

Affected Products

Debian
Sabberworm Php Css Parser
Ubuntu