Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for slp-validate.js by simpleledger

    CVE-2020-15131 (GCVE-0-2020-15131)

    Vulnerability from nvd – Published: 2020-07-30 15:00 – Updated: 2024-08-04 13:08
    VLAI
    Title
    False-positive validity for NFT1 genesis transactions in SLP Validate
    Summary
    In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2.
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:08:22.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "slp-validate.js",
              "vendor": "simpleledger",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "CWE-697: Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-30T15:00:17.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c"
            }
          ],
          "source": {
            "advisory": "GHSA-6jmr-jfh7-xg3h",
            "discovery": "UNKNOWN"
          },
          "title": "False-positive validity for NFT1 genesis transactions in SLP Validate",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-15131",
              "STATE": "PUBLIC",
              "TITLE": "False-positive validity for NFT1 genesis transactions in SLP Validate"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "slp-validate.js",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simpleledger"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-697: Incorrect Comparison"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h"
                },
                {
                  "name": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c",
                  "refsource": "MISC",
                  "url": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-6jmr-jfh7-xg3h",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-15131",
        "datePublished": "2020-07-30T15:00:17.000Z",
        "dateReserved": "2020-06-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:08:22.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15131 (GCVE-0-2020-15131)

    Vulnerability from cvelistv5 – Published: 2020-07-30 15:00 – Updated: 2024-08-04 13:08
    VLAI
    Title
    False-positive validity for NFT1 genesis transactions in SLP Validate
    Summary
    In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2.
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:08:22.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "slp-validate.js",
              "vendor": "simpleledger",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "CWE-697: Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-30T15:00:17.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c"
            }
          ],
          "source": {
            "advisory": "GHSA-6jmr-jfh7-xg3h",
            "discovery": "UNKNOWN"
          },
          "title": "False-positive validity for NFT1 genesis transactions in SLP Validate",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-15131",
              "STATE": "PUBLIC",
              "TITLE": "False-positive validity for NFT1 genesis transactions in SLP Validate"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "slp-validate.js",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simpleledger"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-697: Incorrect Comparison"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h"
                },
                {
                  "name": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c",
                  "refsource": "MISC",
                  "url": "https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-6jmr-jfh7-xg3h",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-15131",
        "datePublished": "2020-07-30T15:00:17.000Z",
        "dateReserved": "2020-06-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:08:22.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }