CVE-2025-24976

Description

Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution

Affected packages (1)

• Go/github.com/distribution/distributionfrom 0

References (3)

• ADVISORYhttps://github.com/distribution/distribution/security/advisories/GHSA-phw4-mc57-4hwc
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-24976
• PATCHhttps://github.com/distribution/distribution/commit/5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd