CVE-2025-24976

描述

Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution

受影響套件(1)

• Go/github.com/distribution/distributionfrom 0

參考連結(3)

• ADVISORYhttps://github.com/distribution/distribution/security/advisories/GHSA-phw4-mc57-4hwc
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-24976
• PATCHhttps://github.com/distribution/distribution/commit/5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd