Inadequate Encryption Strength Affecting packbackbooks/lti-1p3-tool package, versions <5.0.0
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Threat Intelligence
EPSS
0.07% (31st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-PACKBACKBOOKSLTI1P3TOOL-2952698
- published 17 Jul 2022
- disclosed 15 Jul 2022
- credit Unknown
Introduced: 15 Jul 2022
CVE-2022-31157 Open this link in a new tabHow to fix?
Upgrade packbackbooks/lti-1p3-tool
to version 5.0.0 or higher.
Overview
packbackbooks/lti-1p3-tool is an A library used for building IMS-certified LTI 1.3 tool providers in PHP
Affected versions of this package are vulnerable to Inadequate Encryption Strength in the generation of cookies and OpenID
values, allowing tokens to be forged.