7.5

CVE-2022-31157

EPSS 0.11%
Veröffentlicht 15.07.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 07:04:01
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Packback ≫ Lti 1.3 Tool Library Version < 5.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.305

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-768m-5w34-2xf5

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31157

EUVD