Vulnerability Details : CVE-2020-15131
In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2.
Products affected by CVE-2020-15131
- cpe:2.3:a:simpleledger:slp-validate:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15131
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15131
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2020-15131
-
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2020-15131
-
https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c
critical update for NFT child genesis validation · simpleledger/slp-validate.js@3963cf9 · GitHubPatch;Third Party Advisory
-
https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h
False-positive validity for NFT1 genesis transactions · Advisory · simpleledger/slp-validate.js · GitHubThird Party Advisory
Jump to