VYPR

npm package

get-jwks

pkg:npm/get-jwks

Vulnerabilities (1)

  • CVE-2025-59936CriSep 27, 2025
    affected < 11.0.2fixed 11.0.2

    get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached k