hodlbod hodlbod@coracle.social 1 year ago
Replicated it, it's an XSS

Replies (5)

Alex Gleason alex@gleasonator.dev 1 year ago
Holy shit!
GitHub
Lottie player JS was compromised with a drainer. Check dependencies. · Issue #3127 · airbnb/lottie-web
AFFECTED VERSION DO NOT RUN THIS: @lottiefiles/lottie-player@latest/dist/lottie-player.js DO NOT know if other CDNS are also affected. UPDATE: Look...
MAKE SONGS LONGER heather@nostrplebs.com 1 year ago
Nostr devs on top of things 🫡
Cesar Dias _@nosotros.app 1 year ago
Insane, primal just removed the lottie-player
GitHub
Remove lottieplayer · PrimalHQ/primal-web-app@299a26d
Primal's web app for Nostr, as experienced on primal.net. - Remove lottieplayer · PrimalHQ/primal-web-app@299a26d
hodlbod hodlbod@coracle.social 1 year ago
Yep, just discovered myself that this is the source of the issue:
GitHub
Lottie player JS was compromised with a drainer. Check dependencies. · Issue #3127 · airbnb/lottie-web
AFFECTED VERSION DO NOT RUN THIS: @lottiefiles/lottie-player@latest/dist/lottie-player.js DO NOT know if other CDNS are also affected. UPDATE: Look...
jb55 _@jb55.com 1 year ago
Last time there was an xss vulnerability on nostr (anigma) lots of people leaked their nsecs
