"To clarify: This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does NOT affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately," the foundation wrote in a separate post.

Quote

Sources

XRP Ledger Foundation discloses 'serious vulnerability' in recently updated version of XRPL JavaScript library