CVE-2020-15130

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15130

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15130.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-15130

Aliases

GHSA-cc2p-4jhr-xhhx

Related

GHSA-cc2p-4jhr-xhhx

Published

2020-07-30T15:15:13.057Z

Modified

2025-11-14T10:49:59.625908Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4.

References

Affected packages

Git / github.com/simpleledger/slpjs

Affected ranges

Type: GIT
Repo: https://github.com/simpleledger/slpjs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

290c20e8bff13ac81459d43e54cac232b5e3456c

Affected versions

0.*

0.10.2

0.12.2

0.14.0

0.15.13

0.15.3

0.16.0

0.16.1

0.16.2

0.16.3

0.17.0

0.18.0

0.18.2

0.21.1

0.21.4

0.22.0

0.22.1

0.22.2

0.22.3

0.23.0

0.23.2

0.23.3

0.24.0

0.24.3

0.25.3

0.26.0

0.27.2

0.27.3