CVE-2020-15131

Published: Jul 30, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2.

Vendor	Product	Versions
simpleledger	slp-validate.js	affected `< 1.2.2`

Weaknesses (CWE)

CWE-697

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

References

https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h

x_refsource_CONFIRM

https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-15131

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References