16 matches found
EUVD-2025-0011
Malicious code in bioql PyPI...
CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
SUSE CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
Improper Cache Management
github.com/MicahParks/jwkset is vulnerable to Improper Cache Management. The vulnerability is due to the provided HTTP client's local JWK Set cache failing to perform a full replacement during refresh operations. This allows outdated or revoked keys to remain in the cache, posing a security risk...
GO-2025-3376 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset...
CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
GHSA-675F-RQ2R-JW82 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Impact The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key...
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Impact The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key...
CVE-2025-22149
The CVE-2025-22149 issue affects the JWK Set Go implementation’s auto-caching HTTP client (github.com/MicahParks/jwkset). Before v0.6.0, the local JWK Set cache could overwrite or append during remote refresh instead of performing a full replacement, potentially leaving revoked keys usable if rem...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
PT-2025-4383 · Jwk Set +1 · Jwk Set +1
Name of the Vulnerable Software and Affected Versions: JWK Set versions prior to 0.6.0 Description: The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. However, the current behavior is to overwrite or append, which...
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...
Spring Authorization Server is on Spring Initializr!
Today, I'm excited to announce that you have a new superpower: creating applications with Spring Authorization Server on Spring Initializr! That's right, it's time to begin your OAuth2 journey and become the hero you always knew you could be! In this post, I'll explain how you can get the most fr...