Vulnerability Report: GO-2025-3376
- CVE-2025-22149, GHSA-675f-rq2r-jw82
- Affects: github.com/MicahParks/jwkset
- Published: Jan 09, 2025
- Unreviewed
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset
For detailed information about this vulnerability, visit https://github.com/MicahParks/jwkset/security/advisories/GHSA-675f-rq2r-jw82 or https://nvd.nist.gov/vuln/detail/CVE-2025-22149.
Affected Modules
-
PathGo Versions
-
from v0.5.0 before v0.6.0
Aliases
References
- https://github.com/MicahParks/jwkset/security/advisories/GHSA-675f-rq2r-jw82
- https://nvd.nist.gov/vuln/detail/CVE-2025-22149
- https://github.com/MicahParks/jwkset/commit/01db49a90f7f20c7fb39a699a2f19a7a5f379ed3
- https://github.com/MicahParks/jwkset/pull/41
- https://github.com/MicahParks/jwkset/issues/40
- https://vuln.go.dev/ID/GO-2025-3376.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.