VYPR

Get Jwks

by Nearform

Source repositories

CVEs (1)

  • CVE-2025-59936CriSep 27, 2025
    risk 0.54cvss 9.4epss 0.00

    get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached…