2 matches found
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
PT-2022-19470 · Rubygems · Rubygems
Name of the Vulnerable Software and Affected Versions: RubyGems (affected versions not specified). Description: An ordering mistake in the code that accepts gem uploads allowed some gems to be temporarily replaced in the CDN cache by a malicious package. The issue is believed to have never been...