How severe is CVE-2022-31158?

CVE-2022-31158 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-31158

Name: lti_1.3_tool_library
Author: packback

7.5HIGH

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the

公開日: 7/15/2022更新日: 11/21/2024

説明

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

AI分析AIによる分析

影響を受ける製品

packbacklti_1.3_tool_library

参照

https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h
Third Party Advisory
https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h
Third Party Advisory