How severe is CVE-2022-31158?

CVE-2022-31158 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-31158

Name: lti_1.3_tool_library
Author: packback

7.5HIGH

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the

Published: 7/15/2022Updated: 11/21/2024

Description

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

AI AnalysisPowered by AI

Affected Products

packbacklti_1.3_tool_library

References

https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h
Third Party Advisory
https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h
Third Party Advisory