6 vulnerabilities found for slpjs by simpleledger
CVE-2020-15130 (GCVE-0-2020-15130)
Vulnerability from nvd – Published: 2020-07-30 15:00 – Updated: 2024-08-04 13:08
Title
False-positive validity for NFT1 genesis transactions in SLPJS
Summary
SLPJS (npm package slpjs) before version 0.27.4 is vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type, as is required by the NFT1 specification. This is fixed in version 0.27.4.
Severity
7.5 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/simpleledger/slpjs/security/ad… | x_refsource_CONFIRM |
| https://github.com/simpleledger/slpjs/commit/290c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| simpleledger | slpjs | Affected: < 0.27.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "slpjs",
"vendor": "simpleledger",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T15:00:23.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c"
}
],
"source": {
"advisory": "GHSA-cc2p-4jhr-xhhx",
"discovery": "UNKNOWN"
},
"title": "False-positive validity for NFT1 genesis transactions in SLPJS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15130",
"STATE": "PUBLIC",
"TITLE": "False-positive validity for NFT1 genesis transactions in SLPJS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "slpjs",
"version": {
"version_data": [
{
"version_value": "\u003c 0.27.4"
}
]
}
}
]
},
"vendor_name": "simpleledger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697: Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx",
"refsource": "CONFIRM",
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx"
},
{
"name": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c",
"refsource": "MISC",
"url": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c"
}
]
},
"source": {
"advisory": "GHSA-cc2p-4jhr-xhhx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15130",
"datePublished": "2020-07-30T15:00:24.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11071 (GCVE-0-2020-11071)
Vulnerability from nvd – Published: 2020-05-12 00:25 – Updated: 2024-08-04 11:21
Title
False-negative validation results in MINT transactions with invalid baton
Summary
SLPJS (npm package slpjs) before version 0.27.2 has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens, which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2.
Severity
8.6 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/simpleledger/slpjs/security/ad… | x_refsource_CONFIRM |
| https://github.com/simpleledger/slpjs/commit/3671… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| simpleledger | slpjs | Affected: < 0.27.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "slpjs",
"vendor": "simpleledger",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user\u0027s minting baton. This is fixed in version 0.27.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T00:25:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754"
}
],
"source": {
"advisory": "GHSA-jc83-cpf9-q7c6",
"discovery": "UNKNOWN"
},
"title": "False-negative validation results in MINT transactions with invalid baton",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11071",
"STATE": "PUBLIC",
"TITLE": "False-negative validation results in MINT transactions with invalid baton"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "slpjs",
"version": {
"version_data": [
{
"version_value": "\u003c 0.27.2"
}
]
}
}
]
},
"vendor_name": "simpleledger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user\u0027s minting baton. This is fixed in version 0.27.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697: Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6",
"refsource": "CONFIRM",
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6"
},
{
"name": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754",
"refsource": "MISC",
"url": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754"
}
]
},
"source": {
"advisory": "GHSA-jc83-cpf9-q7c6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11071",
"datePublished": "2020-05-12T00:25:15.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16762 (GCVE-0-2019-16762)
Vulnerability from nvd – Published: 2019-11-15 23:10 – Updated: 2024-08-05 01:24
Title
Validator parsing discrepancy due to string encoding in NPM slpjs
Summary
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4.
Severity
5.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/simpleledger/slpjs/security/ad… | x_refsource_CONFIRM |
| https://github.com/simpleledger/slpjs/commit/ac88… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| simpleledger | slpjs | Affected: < 0.21.4 , < 0.21.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "slpjs",
"vendor": "simpleledger",
"versions": [
{
"lessThan": "0.21.4",
"status": "affected",
"version": "\u003c 0.21.4",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version \u003e= 0.21.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-15T23:10:57.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701"
}
],
"source": {
"advisory": "cve/GHSA-425c-ccf3-3jrr",
"discovery": "EXTERNAL"
},
"title": "Validator parsing discrepancy due to string encoding in NPM slpjs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16762",
"STATE": "PUBLIC",
"TITLE": "Validator parsing discrepancy due to string encoding in NPM slpjs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "slpjs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 0.21.4",
"version_value": "0.21.4"
}
]
}
}
]
},
"vendor_name": "simpleledger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version \u003e= 0.21.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr",
"refsource": "CONFIRM",
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr"
},
{
"name": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701",
"refsource": "MISC",
"url": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701"
}
]
},
"source": {
"advisory": "cve/GHSA-425c-ccf3-3jrr",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16762",
"datePublished": "2019-11-15T23:10:57.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15130 (GCVE-0-2020-15130)
Vulnerability from cvelistv5 – Published: 2020-07-30 15:00 – Updated: 2024-08-04 13:08
Title
False-positive validity for NFT1 genesis transactions in SLPJS
Summary
SLPJS (npm package slpjs) before version 0.27.4 is vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type, as is required by the NFT1 specification. This is fixed in version 0.27.4.
Severity
7.5 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/simpleledger/slpjs/security/ad… | x_refsource_CONFIRM |
| https://github.com/simpleledger/slpjs/commit/290c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| simpleledger | slpjs | Affected: < 0.27.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "slpjs",
"vendor": "simpleledger",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T15:00:23.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c"
}
],
"source": {
"advisory": "GHSA-cc2p-4jhr-xhhx",
"discovery": "UNKNOWN"
},
"title": "False-positive validity for NFT1 genesis transactions in SLPJS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15130",
"STATE": "PUBLIC",
"TITLE": "False-positive validity for NFT1 genesis transactions in SLPJS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "slpjs",
"version": {
"version_data": [
{
"version_value": "\u003c 0.27.4"
}
]
}
}
]
},
"vendor_name": "simpleledger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697: Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx",
"refsource": "CONFIRM",
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx"
},
{
"name": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c",
"refsource": "MISC",
"url": "https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c"
}
]
},
"source": {
"advisory": "GHSA-cc2p-4jhr-xhhx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15130",
"datePublished": "2020-07-30T15:00:24.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11071 (GCVE-0-2020-11071)
Vulnerability from cvelistv5 – Published: 2020-05-12 00:25 – Updated: 2024-08-04 11:21
Title
False-negative validation results in MINT transactions with invalid baton
Summary
SLPJS (npm package slpjs) before version 0.27.2 has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens, which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2.
Severity
8.6 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/simpleledger/slpjs/security/ad… | x_refsource_CONFIRM |
| https://github.com/simpleledger/slpjs/commit/3671… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| simpleledger | slpjs | Affected: < 0.27.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "slpjs",
"vendor": "simpleledger",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user\u0027s minting baton. This is fixed in version 0.27.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T00:25:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754"
}
],
"source": {
"advisory": "GHSA-jc83-cpf9-q7c6",
"discovery": "UNKNOWN"
},
"title": "False-negative validation results in MINT transactions with invalid baton",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11071",
"STATE": "PUBLIC",
"TITLE": "False-negative validation results in MINT transactions with invalid baton"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "slpjs",
"version": {
"version_data": [
{
"version_value": "\u003c 0.27.2"
}
]
}
}
]
},
"vendor_name": "simpleledger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user\u0027s minting baton. This is fixed in version 0.27.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697: Incorrect Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6",
"refsource": "CONFIRM",
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6"
},
{
"name": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754",
"refsource": "MISC",
"url": "https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754"
}
]
},
"source": {
"advisory": "GHSA-jc83-cpf9-q7c6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11071",
"datePublished": "2020-05-12T00:25:15.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16762 (GCVE-0-2019-16762)
Vulnerability from cvelistv5 – Published: 2019-11-15 23:10 – Updated: 2024-08-05 01:24
Title
Validator parsing discrepancy due to string encoding in NPM slpjs
Summary
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4.
Severity
5.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/simpleledger/slpjs/security/ad… | x_refsource_CONFIRM |
| https://github.com/simpleledger/slpjs/commit/ac88… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| simpleledger | slpjs | Affected: < 0.21.4 , < 0.21.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "slpjs",
"vendor": "simpleledger",
"versions": [
{
"lessThan": "0.21.4",
"status": "affected",
"version": "\u003c 0.21.4",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version \u003e= 0.21.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-15T23:10:57.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701"
}
],
"source": {
"advisory": "cve/GHSA-425c-ccf3-3jrr",
"discovery": "EXTERNAL"
},
"title": "Validator parsing discrepancy due to string encoding in NPM slpjs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16762",
"STATE": "PUBLIC",
"TITLE": "Validator parsing discrepancy due to string encoding in NPM slpjs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "slpjs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 0.21.4",
"version_value": "0.21.4"
}
]
}
}
]
},
"vendor_name": "simpleledger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version \u003e= 0.21.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr",
"refsource": "CONFIRM",
"url": "https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr"
},
{
"name": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701",
"refsource": "MISC",
"url": "https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701"
}
]
},
"source": {
"advisory": "cve/GHSA-425c-ccf3-3jrr",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16762",
"datePublished": "2019-11-15T23:10:57.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}