Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.Referenceshttps://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1http://seclists.org/fulldisclosure/2020/Jun/7http://packetstormsecurity.com/files/157923/Sabberworm-PHP-CSS-Code-Injection.html
