In a recent updated version of XRP Ledger’s Javascript Development Library, a serious software deficit was discovered and Crypto para Alarm was given throughout the developer community.
The XRP Ledger Foundation has announced that there is a security vulnerability in multiple versions of the XRPL Javascript package, a widely used software development kit to interact with the XRP Ledger.
According to the Foundation, this was detected by Charlie Eriksen, a malware researcher at Aikido Security and describes the problem as a “potentially destructive’ supply chain attack.
Eriksen warned that “this security vulnerability can allow malicious people to steal their special keys and provide unauthorized access to wallets ,, but remains unclear whether any user is directly affected.
The affected versions include versions from V4.2.1 to V4.2.4 and V2.14.2. Since then, the XRP Ledger Engineering team has released V4.2.5, which invalidates the safety -violated packages. It was highly recommended for users and developers who rely on the affected versions to update immediately.
The Foundation said in a follow -up statement on social media:
To clarify: This vulnerability is in Xrpl.js, a Javascript library for interaction with XRP Ledger.
The malicious code seems to be introduced through the Node Package Manager (NPM), a widely used platform to share Javascript packages. Projects such as Xaman Wallet and Xrpscan confirmed that their services were probably not affected because they did not adopt the dangerous versions.
The XRP Ledger Foundation said that when more information on how Backdor is used, a full post-mortem will be published.
*It is not an investment advice.
For special news, analyzes and on-achain data Telegram Our group, Twitter Our account and Youtube Follow our channel now! Moreover Android ve IOS Start Live Price Tracking by downloading our applications!
Source: https://www.bitcoinsistemi.com/xrp-vakfi-kullanicilarin-varliklarinin-calinmasiyla-sonuclanabilecek-guvenlik-acigi-ilk-aciklamayi-yapti-hemen-guncellenmeli/
