id: GO-2025-3376
modules:
- module: github.com/MicahParks/jwkset
  versions:
  - introduced: 0.5.0
  - fixed: 0.6.0
  vulnerable_at: 0.5.21
summary: |-
  JWK Set's HTTP client only overwrites and appends JWK to local cache during
  refresh in github.com/MicahParks/jwkset
cves:
- CVE-2025-22149
ghsas:
- GHSA-675f-rq2r-jw82
references:
- advisory: https://github.com/MicahParks/jwkset/security/advisories/GHSA-675f-rq2r-jw82
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-22149
- fix: https://github.com/MicahParks/jwkset/commit/01db49a90f7f20c7fb39a699a2f19a7a5f379ed3
- fix: https://github.com/MicahParks/jwkset/pull/41
- report: https://github.com/MicahParks/jwkset/issues/40
source:
  id: GHSA-675f-rq2r-jw82
  created: 2025-01-09T14:17:18.394896-05:00
review_status: UNREVIEWED