EUVD-2022-6276

Malicious code in bioql PyPI...

CVE-2022-31157

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

CVE-2022-31158

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

GHSA-7J9P-67MM-5G87 LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability

Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...

GHSA-5P73-QG2V-383H LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0

Impact Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Patches Users should upgrade to version 5.0 immediately Workarounds None...

LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0

Impact Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Patches Users should upgrade to version 5.0 immediately Workarounds None...

GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...

LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...

CVE-2022-31158

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

CVE-2022-31157

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

Code injection

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

Authentication flaw

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

CVE-2022-31157

CVE-2022-31157 concerns the packbackbooks/lti-1-3-php-library. Before version 5.0, the nonce generation function was not cryptographically strong, enabling potential predictability of tokens and forgery of tokens. Affected software is the LTI 1.3 Tool Library implemented in PHP; the issue is a cr...

CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

CVE-2022-31158

CVE-2022-31158 affects the packbackbooks/lti-1-3-php-library (LTI 1.3 Tool Library) for PHP. Prior to version 5.0, the Nonce Claim Value was not validated against the nonce in the Authentication Request, enabling a potential authentication bypass/capture-replay scenario as described by multiple s...