GHSA-5p73-qg2v-383h

Suggest an improvement
Source
https://github.com/advisories/GHSA-5p73-qg2v-383h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-5p73-qg2v-383h/GHSA-5p73-qg2v-383h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5p73-qg2v-383h
Aliases
Published
2022-07-15T20:55:50Z
Modified
2023-11-08T04:09:28.099168Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
Details

Impact

Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request.

Patches

Users should upgrade to version 5.0 immediately

Workarounds

None.

Database specific 
{
    "nvd_published_at": "2022-07-15T18:15:00Z",
    "github_reviewed_at": "2022-07-15T20:55:50Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-294",
        "CWE-327"
    ]
}
References

Affected packages

Packagist / packbackbooks/lti-1-3-php-library

Package

Name
packbackbooks/lti-1-3-php-library
Purl
pkg:composer/packbackbooks/lti-1-3-php-library

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0