Vulnerability Details : CVE-2020-15130
SLPJS (npm package slpjs) before version 0.27.4 is vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or an opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type, as is required by the NFT1 specification. This is fixed in version 0.27.4.
Products affected by CVE-2020-15130
- cpe:2.3:a:simpleledger:slpjs:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15130
- 0.07%: Probability of exploitation activity in the next 30 days
- ~29%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15130
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | GitHub, Inc. | |
CWE ids for CVE-2020-15130
- The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. Assigned by:
  - nvd@nist.gov (Primary)
  - security-advisories@github.com (Secondary)
References for CVE-2020-15130
- https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c
  critical update for NFT child genesis validation · simpleledger/slpjs@290c20e · GitHub (Patch; Third Party Advisory)
- https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx
  False-positive validity for NFT1 genesis transactions · Advisory · simpleledger/slpjs · GitHub (Third Party Advisory)