
5 matches found

CVE
added 2025/09/27 12:22 a.m. | 26 views

CVE-2025-59936

The CVE-2025-59936 issue affects get-jwks prior to 11.0.2, where a design flaw allows cache poisoning of the JWKS cache to bypass issuer validation. If iss is validated after keys are retrieved from the cache, an attacker can craft JWTs to place a chosen public key in the shared cache and then re...

CVSS 9.4 | AI score 6.1 | EPSS 0.00364
Exploits: 0 | References: 2
OSV
added 2025/09/27 12:22 a.m. | 2 views

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

CVSS 9.4 | AI score 8.9 | EPSS 0.00364
Exploits: 0 | References: 4
Cvelist
added 2025/09/27 12:22 a.m. | 9 views

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

CVSS 9.4 | EPSS 0.00364
Exploits: 0 | References: 2
CNNVD
added 2025/09/27 12:0 a.m. | 1 views

get-jwks security vulnerability

get-jwks is a Nearform open source utility for obtaining JWKS keys. A security vulnerability exists in get-jwks versions prior to 11.0.2, which stems from a cache poisoning issue in the JWKS key fetching mechanism that could lead to bypassing issuer authentication...

CVSS 9.4 | AI score 9.1 | EPSS 0.00364
Exploits: 0 | References: 3
Circl
added 2025/09/26 1:51 p.m. | 2 views

CVE-2025-59936

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-26 13:51:53+00:00 | published-proof-of-concept | https://github.com/nearform/get-jwks/security/advisories/GHSA-qc2q-qhf3-235m... |

CVSS 9.4 | AI score 7.3 | EPSS 0.00364
Exploits: 0 | References: 1