PANews reported on April 23 that according to The Block, the XRP Ledger Foundation warned that the recently released new version of the XRPL JavaScript library used to build applications may have potential vulnerabilities and urged projects to update to patched versions of the code. The problem was discovered by Charlie Eriksen, a malware researcher at Aikido Security, who said this "backdoor" could lead to a "potentially catastrophic" supply chain attack. The affected versions are v4.2.1 to v4.2.4 and v2.14.2, limited to code hosted on NPM. The foundation has released a fixed version v4.2.5 and recommends that related projects upgrade as soon as possible. The vulnerability does not affect the XRP Ledger itself or its GitHub code base.
XRP Ledger discloses a vulnerability in the new version of the XRPL JavaScript library and recommends that projects upgrade to the fixed version as soon as possible
Comment
关注PANews官方账号,一起穿越牛熊
- @PANewsCN
- Telegram资讯频道
- Telegram交流群
- PANews微信群
添加好友,备注「交流」进群
Recommend Reading
2025-05-14France to hold crypto industry security conference in response to spate of kidnappings
Telegram shuts down thousands of channels associated with criminal crypto market 'Xinbi Guarantee'
Whale sold 197 WBTC on the chain and cashed out $20.44 million
Huobi Leverage launches the 45th Hot Coin Trading Party. Participate in leveraged trading to share a 15,000 USDT prize pool
a16z Crypto Leads $7 Million Seed Round in KYD Labs to Drive Blockchain Ticketing Innovation
PROMPT task rewards will be collected on the morning of May 16th. Users who have not collected them will lose their eligibility to collect them.
