Lucene search
GoogleOSV:GHSA-JC83-CPF9-Q7C6HistoryMay 12, 2020 - 12:39 a.m.
False-negative validation results in MINT transactions with invalid baton
2020-05-1200:39:03
Google
osv.dev
5
0.001 Low
EPSS
Percentile
38.9%
Impact
Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user’s minting baton.
Patches
npm package slpjs has been patched and published as version 0.27.2.
Workarounds
Upgrade to slpjs 0.27.2.
References
- slpjs commit
For more information
If you have any questions or comments about this advisory:
- Open an issue in slp-validate or slpjs
Related
nvd
nvd
CVE-2020-11071
2020-05-12 01:15:11
CVE-2020-11072
2020-05-12 01:15:11
cve
cve
CVE-2020-11071
2020-05-12 01:15:11
CVE-2020-11072
2020-05-12 01:15:11
cvelist
cvelist
github
github
False-negative validation results in MINT transactions with invalid baton
2020-05-12 00:39:03
veracode
veracode
Denial Of Service (DoS)
2020-05-13 01:23:33
prion
prion
Input validation
2020-05-12 01:15:00
Input validation
2020-05-12 01:15:00
osv
osv
CVE-2020-11071
2020-05-12 01:15:11
CVE-2020-11072
2020-05-12 01:15:11