GHSA-5p73-qg2v-383h

Опубликовано: 15 июл. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0

Impact

Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request.

Patches

Users should upgrade to version 5.0 immediately

Workarounds

None.

Ссылки

Пакеты

Наименование

packbackbooks/lti-1-3-php-library

composer

Затронутые версииВерсия исправления

< 5.0

5.0

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-31158

Дефекты

CWE-294

CWE-327

Связанные уязвимости

CVE-2022-31158

CVSS3: 7.5

nvd

больше 3 лет назад

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-31158

Дефекты

CWE-294

CWE-327