GHSA-768m-5w34-2xf5

Source

https://github.com/advisories/GHSA-768m-5w34-2xf5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-768m-5w34-2xf5/GHSA-768m-5w34-2xf5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-768m-5w34-2xf5

Aliases

CVE-2022-31157

Published

2022-07-15T20:55:46Z

Modified

2023-11-08T04:09:28.038385Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

Details

Impact

The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable.

Patches

Users should upgrade to version 5.0 immediately

Workarounds

None.

Database specific

{
    "nvd_published_at": "2022-07-15T18:15:00Z",
    "cwe_ids": [
        "CWE-327",
        "CWE-330"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-15T20:55:46Z"
}

References

Affected packages

Packagist / packbackbooks/lti-1-3-php-library

Package

Name: packbackbooks/lti-1-3-php-library
Purl: pkg:composer/packbackbooks/lti-1-3-php-library

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0