CVE-2022-31158

HIGH

LTI 1.3 Tool Library <5.0 - Info Disclosure

Title source: llm

Description

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

References (1)

[Third Party Advisory] https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h

Scores

CVSS v3 7.5

EPSS 0.0030

EPSS Percentile 53.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-294

Status published

Affected Products (2)

packback/lti_1.3_tool_library < 5.0.0

packbackbooks/lti-1-3-php-library < 5.0Packagist

Timeline

Published Jul 15, 2022

Tracked Since Feb 18, 2026