CVE-2022-31157

2022-07-1518:15:08

CWE-327

CWE-330

[email protected]

web.nvd.nist.gov

cve-2022-31157

lti 1.3 tool library

php

nonce generation

vulnerability

security patch

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.6%

JSON

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

Affected configurations

Vulners

NVD

Node

packbackbookslti_1_3_php_libraryRange<5.0

CPENameOperatorVersion
packback:lti_1.3_tool_librarypackback lti 1.3 tool librarylt5.0.0

CPE	Name	Operator	Version
packback:lti_1.3_tool_library	packback lti 1.3 tool library	lt	5.0.0

CNA Affected

[
  {
    "product": "lti-1-3-php-library",
    "vendor": "packbackbooks",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.0"
      }
    ]
  }
]