The XRP Ledger Foundation has issued a warning about a potential security vulnerability in recent versions of the xrpl JavaScript library (versions 4.2.1-4.2.4 and 2.14.2), which could allow attackers to steal users' private keys, posing a significant risk to the supply chain.
This vulnerability only affects the versions published on NPM.
A corrected version, 4.2.5, has been released, and affected projects are strongly advised to update immediately