CVE-2020-15130: Incorrect Comparison

July 30, 2020 (updated August 3, 2020)

In SLPJS (npm package slpjs), there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification.

References

nvd.nist.gov/vuln/detail/CVE-2020-15130

Detect and mitigate CVE-2020-15130 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →