PT-2022-20573 · Unknown · Lti 1.3 Tool Library

Dbhynds · Published 2022-07-15 · Updated 2023-07-24 · CVE-2022-31158

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

LTI 1.3 Tool Library versions prior to 5.0

Description

The issue concerns the Nonce Claim Value not being validated against the nonce value sent in the Authentication Request. This affects the LTI 1.3 Tool Library, a library used for building IMS-certified LTI 1.3 tool providers in PHP. There are currently no known workarounds.

Recommendations

For versions prior to 5.0, users should upgrade to version 5.0 to receive a patch. As a temporary workaround, consider disabling the functionality that relies on the Nonce Claim Value until a patch is available.
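
The check the description says was missing, sketched as an added example (not the LTI 1.3 Tool Library's code or API): the nonce claim in the launch token is accepted only if it equals a nonce the tool itself sent in the authentication request, has not expired, and has not been used before. The function names, the array-backed store (standing in for per-session storage) and the sample claims are assumptions made for illustration.

```php
<?php
// Added illustration: not the LTI 1.3 Tool Library's code or API.
// Function names and the array-backed store are hypothetical; in a real
// tool the store would be per-session or server-side storage.

/** Login step: create a nonce, remember it, and send it in the authentication request. */
function issueNonce(array &$store, int $ttl = 600): string
{
    $nonce = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $store[$nonce] = time() + $ttl;       // value is the expiry timestamp
    return $nonce;
}

/** Launch step: accept the id_token's nonce claim only if we issued it, once, in time. */
function consumeNonce(array &$store, array $claims): bool
{
    $nonce = $claims['nonce'] ?? null;
    if (!is_string($nonce) || $nonce === '') {
        return false;                     // claim missing or of the wrong type
    }
    if (!array_key_exists($nonce, $store)) {
        return false;                     // never sent in an authentication request
    }
    $expires = $store[$nonce];
    unset($store[$nonce]);                // single use: the same token fails next time
    return time() <= $expires;
}

// Constructed sample data. JWT signature, issuer and audience checks are
// assumed to have passed before the nonce is examined.
$store  = [];
$sent   = issueNonce($store);
$claims = ['iss' => 'https://platform.example', 'nonce' => $sent];

var_dump(consumeNonce($store, $claims));                    // launch carrying the issued nonce
var_dump(consumeNonce($store, $claims));                    // the same token presented again
var_dump(consumeNonce($store, ['nonce' => 'not-issued']));  // nonce the tool never sent
var_dump(consumeNonce($store, []));                         // nonce claim absent
```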

Exploit

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2022-31158
GHSA-5P73-QG2V-383H

Affected Products

Lti 1.3 Tool Library