css_parser is vulnerable to Server-Side Request Forgery (SSRF)
89
High Risk
The css_parser Ruby gem fetches remote stylesheets through read_remote_file when parsing CSS with base_uri and following @import rules. Before the fix, the parser issued HTTP or HTTPS requests to any host without IP or scheme filtering and followed redirects into file:// URIs, enabling server-side request forgery against internal services and partial local file disclosure. Attackers who can supply CSS parsed with a base_uri option can trigger outbound requests or read local files the Ruby process can access. Version 3.0.0 routes remote fetches through ssrf_filter, blocks cross-scheme redirects to file://, and gates local file URIs behind default-deny opt-in flags.
You are affected if you are using a version that falls within the vulnerable range and your application parses attacker-influenced CSS with base_uri set, such as email-rendering pipelines using Premailer.
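The two weaknesses the advisory describes, no scheme or IP filtering on the fetched URL and redirects that could land on a file:// URI, are the ones an application can also screen for itself before handing a base_uri or @import target to the parser, either on the affected version or as defence in depth after upgrading. The following is an added example written for this page, not code from css_parser or from the ssrf_filter gem it now uses; the function names, the list of blocked address ranges, the fake resolver and the sample URLs are all assumptions for illustration.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Address ranges that a stylesheet fetch must never reach: loopback, RFC 1918,
# link-local (cloud metadata lives at 169.254.169.254), CGNAT, multicast,
# "this network", and the IPv6 equivalents. Illustrative list, not exhaustive.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10 ff00::/8
].map { |cidr| IPAddr.new(cidr) }.freeze

# Only plain web schemes may be fetched; file://, gopher://, ftp:// etc. are refused.
ALLOWED_SCHEMES = %w[http https].freeze

class BlockedUri < StandardError; end

# True when the IP is outside every blocked range. IPv4-mapped IPv6 literals
# such as ::ffff:10.0.0.1 are judged by the embedded IPv4 address, otherwise
# an attacker could smuggle a private target past IPv4-only range checks.
def public_address?(ip)
  addr = IPAddr.new(ip)
  addr = addr.native if addr.ipv4_mapped?
  BLOCKED_RANGES.none? { |range| range.include?(addr) }
end

# Validates a URL before it is used as base_uri or followed as an @import.
# Returns the parsed URI on success and raises BlockedUri otherwise.
# The resolver is injectable so the check can be exercised without DNS.
def check_stylesheet_uri!(raw, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(raw.to_s)
  unless ALLOWED_SCHEMES.include?(uri.scheme)
    raise BlockedUri, "scheme #{uri.scheme.inspect} is not allowed"
  end
  # URI#hostname strips the brackets from an IPv6 literal; URI#host keeps them.
  host = uri.hostname
  raise BlockedUri, "URL has no host" if host.nil? || host.empty?

  addresses =
    begin
      [IPAddr.new(host).to_s]          # host is already an IP literal
    rescue IPAddr::InvalidAddressError
      resolver.call(host)              # hostname: resolve every record
    end
  raise BlockedUri, "#{host} did not resolve" if addresses.empty?

  # Every returned address must be public. A name with one internal record
  # among several public ones is still a pivot into the internal network.
  internal = addresses.reject { |ip| public_address?(ip) }
  unless internal.empty?
    raise BlockedUri, "#{host} resolves to non-public address(es): #{internal.join(', ')}"
  end
  uri
end

# Re-validates a redirect before following it. The Location header is resolved
# against the original request (so relative redirects work), then the target
# must pass the same scheme and address checks as the first request. This is
# what stops an https:// fetch from being redirected into file:///etc/passwd.
def safe_redirect_target!(from, location, **opts)
  from_uri = URI.parse(from.to_s)
  target = from_uri.merge(location.to_s)
  unless ALLOWED_SCHEMES.include?(target.scheme)
    raise BlockedUri, "redirect from #{from_uri.scheme} to #{target.scheme.inspect} refused"
  end
  check_stylesheet_uri!(target, **opts)
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: a public CDN address and a few classic SSRF targets.
  %w[
    https://cdn.example.com/site.css
    http://127.0.0.1:8500/v1/kv/
    http://169.254.169.254/latest/meta-data/
    file:///etc/passwd
    http://[::ffff:10.0.0.1]/
  ].each do |url|
    begin
      check_stylesheet_uri!(url, resolver: ->(_) { ["203.0.113.10"] })
      puts "allow  #{url}"
    rescue BlockedUri => e
      puts "block  #{url}  (#{e.message})"
    end
  end
end
```

The natural place for these checks is immediately before `CssParser::Parser#load_string!` (or `load_uri!`) is called with a `base_uri`, and again on each URL the application itself resolves for an @import; the checks complement, rather than replace, the fix shipped in 3.0.0. Note that validating a hostname and then letting the HTTP client resolve it again leaves a DNS rebinding window; closing that requires connecting to the validated address directly, which is one of the things a dedicated library such as ssrf_filter does for you.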
css_parser is vulnerable to Server-Side Request Forgery (SSRF) in version 2.2.0 (affected range 2.2.0 - 2.2.0).
Upgrade css_parser to 3.0.0, the release that contains the fix described above, or a later version.