Headline
GHSA-5p73-qg2v-383h: Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library
Impact
The nonce claim value was not validated against the nonce value sent in the Authentication Request.
Patches
Users should upgrade to version 5.0 immediately.
Workarounds
None.
High severity GitHub Reviewed Published Jul 15, 2022 in packbackbooks/lti-1-3-php-library • Updated Jul 15, 2022
Package
packbackbooks/lti-1-3-php-library (Composer)
Affected versions
< 5.0
Patched versions
5.0
References
- GHSA-5p73-qg2v-383h
- https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
dbhynds published the maintainer security advisory
Jul 15, 2022
Severity
High
Weaknesses
No CWEs
CVE ID
CVE-2022-31158
GHSA ID
GHSA-5p73-qg2v-383h
Source code
packbackbooks/lti-1-3-php-library
Related news
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.
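The check the advisory describes as missing, sketched as an added example in plain PHP; it is not code from packbackbooks/lti-1-3-php-library. The function names, the `$store` array (standing in for session or cache storage), keying the nonce by `state`, and the five-minute lifetime are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers. $store stands in for the session or cache where the
// tool keeps nonces between the login request and the platform's response.

/** Create a nonce and remember it before redirecting to the platform. */
function issueNonce(array &$store, string $state): string
{
    $nonce = bin2hex(random_bytes(32));
    $store[$state] = ['nonce' => $nonce, 'expires' => time() + 300];
    return $nonce; // sent as the `nonce` parameter of the Authentication Request
}

/** Accept the token's claims only if its nonce is the one sent for this state. */
function nonceIsValid(array &$store, string $state, array $claims): bool
{
    $entry = $store[$state] ?? null;
    unset($store[$state]); // single use: a replayed response finds nothing

    if ($entry === null || $entry['expires'] < time()) {
        return false; // never issued, already consumed, or expired
    }
    $claimed = $claims['nonce'] ?? null;
    if (!is_string($claimed) || $claimed === '') {
        return false; // the claim must be present
    }
    return hash_equals($entry['nonce'], $claimed); // constant-time comparison
}

// Constructed sample flow. The claim arrays stand for token payloads whose
// signature has already been verified; issuer and nonce values are made up.
$store = [];

// Case 1: the response carries a nonce that was not issued for this state.
issueNonce($store, 'state-abc');
$mismatched = ['iss' => 'https://platform.example', 'nonce' => 'value-from-an-older-launch'];
var_dump(nonceIsValid($store, 'state-abc', $mismatched));

// Case 2: the response carries the issued nonce, then is presented a second time.
$sent = issueNonce($store, 'state-def');
$genuine = ['iss' => 'https://platform.example', 'nonce' => $sent];
var_dump(nonceIsValid($store, 'state-def', $genuine));
var_dump(nonceIsValid($store, 'state-def', $genuine));
```

Comparing the values is only half of the check: deleting the stored nonce on first use is what stops a captured response from being accepted again.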