CVE-2020-11071

Summary

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2.

Affected Software

VendorProductVersion RangeStatus
simpleledgerslpjs< 0.27.2affected

Weaknesses

  • CWE-697: CWE-697: Incorrect Comparison

ADP Enrichment

CVE Program Container

Additional References

References