ARCHIVE/xrpl-dev-portal
1
0
Fork 0
mirror of https://github.com/XRPLF/xrpl-dev-portal.git synced 2025-11-04 11:55:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix typo

Browse Source
This commit is contained in:
amarantha-k
2025-04-28 15:40:26 -07:00
parent ad39712f8b
commit 5389bdccca
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
blog/2025/vulnerabilitydisclosurereport-bug-apr2025.md
View File

@@ -28,7 +28,7 @@ This attack was discovered and reported in the early morning hours of April 22nd
## Impact
This vulnerability does **not** affect the XRP Ledger network or codebase, but is instead limited to the npm package called `xrpl`, which is the package name for the **xrpl.js** (a JavaScript library for interacting with the XRP Ledger).
This vulnerability does **not** affect the XRP Ledger network or codebase, but is instead limited to the npm package called `xrpl`, which is the package name for **xrpl.js** (a JavaScript library for interacting with the XRP Ledger).
**Note:** No GitHub repositories were compromised at any time as part of this incident. Instead, the attacker was able to publish malicious code directly into the npm registry system using compromised npm credentials. In particular, npm versions `2.14.2` and `4.2.1` - `4.2.4` of xrpl.js were compromised with malicious code designed to exfiltrate private key material.