{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/premailer/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["css_parser \u003c= 2.2.0"],"_cs_severities":["medium"],"_cs_tags":["ssrf","lfi","supply-chain","ruby","vulnerability","web-application"],"_cs_type":"advisory","_cs_vendors":["Premailer"],"content_html":"\u003cp\u003eThe Ruby \u003ccode\u003ecss_parser\u003c/code\u003e library, specifically versions 2.2.0 and earlier, contains a critical vulnerability (SSRF and local file disclosure) within its \u003ccode\u003eCssParser::Parser#read_remote_file\u003c/code\u003e method. This function, utilized by \u003ccode\u003eload_uri!\u003c/code\u003e and the \u003ccode\u003e@import\u003c/code\u003e-following branch of \u003ccode\u003eadd_block!\u003c/code\u003e, lacks proper validation, allowing HTTP/HTTPS requests to arbitrary hosts and ports, including internal, loopback, and RFC-1918 addresses. The vulnerability escalates to arbitrary local file disclosure when a malicious HTTP redirect leads to a \u003ccode\u003efile://\u003c/code\u003e URI. This flaw enables attackers to conduct internal network discovery, exfiltrate sensitive data from block-style configuration files, enumerate file existence, and perform Denial of Service attacks via decompression bombs or by triggering side-effecting GET requests on internal services. Applications like Premailer, which hand attacker-influenced CSS with a \u003ccode\u003ebase_uri:\u003c/code\u003e option to \u003ccode\u003ecss_parser\u003c/code\u003e, are particularly exposed, requiring only a single \u003ccode\u003e@import url(...)\u003c/code\u003e rule in the parsed CSS.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious CSS stylesheet containing an \u003ccode\u003e@import url(...)\u003c/code\u003e directive, pointing to an attacker-controlled HTTP/HTTPS server.\u003c/li\u003e\n\u003cli\u003eA vulnerable application, which uses the \u003ccode\u003ecss_parser\u003c/code\u003e library (version 2.2.0 or earlier) to process untrusted CSS with a \u003ccode\u003ebase_uri:\u003c/code\u003e option (e.g., via Premailer), encounters the malicious \u003ccode\u003e@import\u003c/code\u003e rule.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecss_parser\u003c/code\u003e library's \u003ccode\u003eCssParser::Parser#add_block!\u003c/code\u003e or \u003ccode\u003eParser#load_uri!\u003c/code\u003e methods invoke \u003ccode\u003eread_remote_file\u003c/code\u003e with the attacker-controlled URL.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF (Internal Network Access):\u003c/strong\u003e The \u003ccode\u003eread_remote_file\u003c/code\u003e method makes an HTTP/HTTPS request to an internal target (e.g., \u003ccode\u003ehttp://127.0.0.1:18080/admin-credentials\u003c/code\u003e). If the response is CSS-shaped, its content can be exfiltrated via the application's output.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLocal File Disclosure (LFI) Escalation:\u003c/strong\u003e The attacker-controlled server responds with an HTTP 302 redirect, sending a \u003ccode\u003eLocation:\u003c/code\u003e header pointing to a \u003ccode\u003efile://\u003c/code\u003e URI (e.g., \u003ccode\u003eLocation: file:///etc/nginx/nginx.conf\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eread_remote_file\u003c/code\u003e recursively follows this cross-scheme redirect and directly calls \u003ccode\u003eFile.read\u003c/code\u003e on the specified local file path.\u003c/li\u003e\n\u003cli\u003eIf the content of the local file is CSS-shaped (e.g., block-style configuration files like nginx configs, HCL, Caddy), it is parsed by \u003ccode\u003ecss_parser\u003c/code\u003e and its contents (selectors, declarations) become recoverable via the parser's API.\u003c/li\u003e\n\u003cli\u003eThe application then outputs the parsed CSS (e.g., Premailer renders it into HTML), effectively exfiltrating the sensitive local file content to the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability in \u003ccode\u003ecss_parser\u003c/code\u003e allows for significant impact on systems processing untrusted CSS. Successful exploitation can lead to unauthorized access to internal network resources, including sensitive administrative interfaces and cloud metadata services (e.g., AWS IMDS, GCP/Azure equivalents). It facilitates arbitrary local file disclosure, potentially exposing critical system configurations, API keys, or other sensitive data, particularly from files structured in block-style DSLs (like nginx or HCL configuration files). Attackers can also use this flaw as a file-existence oracle to enumerate system filesystem layouts and installed software. Furthermore, the forced decompression functionality can be abused to trigger Denial of Service conditions through decompression bombs, exhausting system resources.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003ecss_parser\u003c/code\u003e gem to a patched version immediately to remediate CVE-2024-XXXX (CVE ID will be assigned).\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all CSS content originating from untrusted sources before it is processed by the \u003ccode\u003ecss_parser\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003eConfigure network egress filtering to prevent unexpected outbound connections from application servers to internal IP ranges, loopback addresses, or the internet, for processes that should not initiate such connections.\u003c/li\u003e\n\u003cli\u003eMonitor application logs for unusual URI access attempts, particularly those attempting to access \u003ccode\u003efile://\u003c/code\u003e schemes or internal HTTP/HTTPS endpoints from CSS processing functions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-09T13:47:12Z","date_published":"2026-07-09T13:47:12Z","id":"https://feed.craftedsignal.io/briefs/2026-07-ruby-css-parser-ssrf-lfi/","summary":"The `css_parser` library, specifically in versions up to and including 2.2.0, is vulnerable to Server-Side Request Forgery (SSRF) and local file disclosure through improper URI validation in the `CssParser::Parser#read_remote_file` method, allowing attackers to access internal network resources or read local files when processing attacker-controlled CSS.","title":"Ruby CSS Parser Vulnerable to SSRF and Local File Disclosure via `read_remote_file`","url":"https://feed.craftedsignal.io/briefs/2026-07-ruby-css-parser-ssrf-lfi/"}],"language":"en","title":"CraftedSignal Threat Feed - Premailer","version":"https://jsonfeed.org/version/1.1"}