Описание
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.0 (исключая)
cpe:2.3:a:packback:lti_1.3_tool_library:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.003
Низкий
7.5 High
CVSS3
Дефекты
CWE-294
CWE-294
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
EPSS
Процентиль: 53%
0.003
Низкий
7.5 High
CVSS3
Дефекты
CWE-294
CWE-294