Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01cDczLXFnMnYtMzgzaM4AAtZ_
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
Impact
Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request.
Patches
Users should upgrade to version 5.0 immediately.
Workarounds
None.
Permalink: https://github.com/advisories/GHSA-5p73-qg2v-383h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cDczLXFnMnYtMzgzaM4AAtZ_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-5p73-qg2v-383h, CVE-2022-31158
References:
- https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h
- https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
- https://nvd.nist.gov/vuln/detail/CVE-2022-31158
- https://github.com/advisories/GHSA-5p73-qg2v-383h
Blast Radius: 1.0
Affected Packages
packagist:packbackbooks/lti-1-3-php-library
Affected Version Ranges: < 5.0
Fixed in: 5.0