PANews reported on April 23 that according to The Block, the XRP Ledger Foundation warned that the recently released new version of the XRPL JavaScript library used to build applications may have potential vulnerabilities and urged projects to update to patched versions of the code. The problem was discovered by Charlie Eriksen, a malware researcher at Aikido Security, who said this "backdoor" could lead to a "potentially catastrophic" supply chain attack. The affected versions are v4.2.1 to v4.2.4 and v2.14.2, limited to code hosted on NPM. The foundation has released a fixed version v4.2.5 and recommends that related projects upgrade as soon as possible. The vulnerability does not affect the XRP Ledger itself or its GitHub code base.
XRP Ledger discloses a vulnerability in the new version of the XRPL JavaScript library and recommends that projects upgrade to the fixed version as soon as possible
Comment
关注PANews官方账号,一起穿越牛熊
- @PANewsCN
- Telegram资讯频道
- Telegram交流群
- PANews微信群
添加好友,备注「交流」进群
Recommend Reading
2025-05-08BTC breaks through $104,000, up 3.46% on the day
BTC breaks through $103,000, up 2.61% on the day
ETH breaks through $2,200, up 7.42% on the day
BTC breaks through $102,000, up 1.24% on the day
ETH breaks through $2,100, up 2.74% on the day
BTC breaks through $101,000, up 4.29% on the day
