PANews reported on April 23 that according to The Block, the XRP Ledger Foundation warned that the new version of the XRPL JavaScript library for building applications may have potential vulnerabilities, and urged projects to update to the patched version of the code. The issue was discovered by Charlie Eriksen, a malware researcher at Aikido Security, who stated that this "backdoor" could lead to a "potentially catastrophic" supply chain attack. The affected versions are v4.2.1 to v4.2.4 and v2.14.2, limited to code hosted on NPM. The foundation has released a fixed version v4.2.5 and recommended that related projects upgrade as soon as possible. The vulnerability does not affect the XRP Ledger itself or its GitHub code repository.
XRP Ledger discloses a vulnerability in the new version of the XRPL JavaScript library and recommends that projects upgrade to the fixed version as soon as possible
This article is machine translated
Show original
Source
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.
Like
Add to Favorites
Comments
Share
Relevant content
