Homepage
About Snyk

Inadequate Encryption Strength Affecting packbackbooks/lti-1p3-tool package, versions <5.0.0

0.0
high

Snyk CVSS

    Attack Complexity Low
    Confidentiality High

    Threat Intelligence

    EPSS 0.07% (31st percentile)
Expand this section
NVD
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-PACKBACKBOOKSLTI1P3TOOL-2952707
  • published 17 Jul 2022
  • disclosed 15 Jul 2022
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 15 Jul 2022

CVE-2022-31158 Open this link in a new tab
CWE-326 Open this link in a new tab

How to fix?

Upgrade packbackbooks/lti-1p3-tool to version 5.0.0 or higher.

Overview

packbackbooks/lti-1p3-tool is an A library used for building IMS-certified LTI 1.3 tool providers in PHP

Affected versions of this package are vulnerable to Inadequate Encryption Strength when nonce claim values are not validated against the nonce value sent in authentication requests.

References