Skip to content

False-negative validation results in MINT transactions with invalid baton

Critical severity GitHub Reviewed Published May 11, 2020 in simpleledger/slp-validate.js • Updated Jan 9, 2023

Package

npm slp-validate (npm)

Affected versions

< 1.2.1

Patched versions

1.2.1

Description

Impact

Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton.

Patches

npm package slp-validate has been patched and published as version 1.2.1.

Workarounds

Upgrade to slp-validate 1.2.1.

References

For more information

If you have any questions or comments about this advisory:

References

@jcramer jcramer published to simpleledger/slp-validate.js May 11, 2020
Reviewed May 12, 2020
Published to the GitHub Advisory Database May 12, 2020
Last updated Jan 9, 2023

Severity

Critical

EPSS score

0.071%
(33rd percentile)

Weaknesses

CVE ID

CVE-2020-11072

GHSA ID

GHSA-4w97-57v2-3w44

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.