jupyterhub-ltiauthenticator@1.3.0 vulnerabilities

JupyterHub authenticator implementing LTI v1.1 and LTI v1.3

  • latest version

    1.6.2

  • latest non-vulnerable version

  • first published

    7 years ago

  • latest version published

    1 year ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the jupyterhub-ltiauthenticator package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Improper Verification of Cryptographic Signature

    jupyterhub-ltiauthenticator is a JupyterHub authenticator implementing LTI v1.1 and LTI v1.3

    Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the jwt_verify_and_decode() function, in the form of improper validation of JWT signatures. An attacker can authorize a forged request if the target application is configured to use LTI13Authenticator.

    How to fix Improper Verification of Cryptographic Signature?

    Upgrade jupyterhub-ltiauthenticator to version 1.4.0 or higher.

    [1.3.0,1.4.0)