CNNVD-202509-4279 Information

CNNVD ID

CNNVD-202509-4279

CVE-2025-59936

  • CNNVD Published: 2025-09-27

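Description (translated from Chinese)

get-jwks is an open-source utility from Nearform for fetching JWKS keys. Versions of get-jwks before 11.0.2 have a security vulnerability that stems from a cache poisoning issue in the JWKS key-fetching mechanism and may lead to a bypass of issuer validation.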

Description (English)

get-jwks is an open-source utility from Nearform for fetching JWKS keys. Versions before 11.0.2 contain a vulnerability caused by cache poisoning in the JWKS key-fetching mechanism, which can allow issuer validation to be bypassed.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Nearform

Published

2025-09-27

Last Modified

2026-02-24

References

  • https://github.com/nearform/get-jwks/security/advisories/GHSA-qc2q-qhf3-235m
  • https://github.com/nearform/get-jwks/commit/1706a177a80a1759fe68e3339dc5a219ce03ddb9
  • https://access.redhat.com/security/cve/cve-2025-59936

Patch

https://github.com/nearform/get-jwks/releases
