How severe is CVE-2022-31158?

CVE-2022-31158 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-31158

Name: lti_1.3_tool_library
Author: packback

7.5HIGH

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the

Опубликовано: 7/15/2022Обновлено: 11/21/2024

Описание

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

ИИ-АнализНа базе ИИ

Затронутые продукты

packbacklti_1.3_tool_library

Ссылки

https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h
Third Party Advisory
https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h
Third Party Advisory