0xtr on Nostr: Ledger patched a vulnerable library in their Connect Kit today. Summary from someone ...
Ledger patched a vulnerable library in their Connect Kit today. Summary from someone on Elons app:
1. They are loading JS from a CDN.
2. They are not version locking loaded JS.
3. They had their CDN compromised.
Published at
2023-12-14 14:43:05Event JSON
{
"id": "ccd84e9815834874e5708334964e0969b33e4b8c5850733be7406a8e98fb0c85",
"pubkey": "b2d670de53b27691c0c3400225b65c35a26d06093bcc41f48ffc71e0907f9d4a",
"created_at": 1702564985,
"kind": 1,
"tags": [],
"content": "Ledger patched a vulnerable library in their Connect Kit today. Summary from someone on Elons app:\n\n1. They are loading JS from a CDN.\n2. They are not version locking loaded JS.\n3. They had their CDN compromised.\n\nhttps://i.nostr.build/M8Ad.png",
"sig": "bb1d0dad5d8913dbe8821dac1d4e7370e6fba1f92e531e7262865399fad099215400669d49d382bee34fe729ac37ea2da1f935129c4c5e8b034cd9680e8a5451"
}
