VYPR

RubyGems package

css_parser

pkg:gem/css_parser

Vulnerabilities (1)

  • CVE-2026-44312MedMay 14, 2026
    affected >= 2.0.0, < 2.1.0fixed 2.1.0

    css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL: