Critical severityNVD Advisory· Published Jul 30, 2020· Updated Aug 4, 2024
False-positive validity for NFT1 genesis transactions in SLPJS
CVE-2020-15130
Description
In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
slpjsnpm | < 0.27.4 | 0.27.4 |
Affected products
2Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-cc2p-4jhr-xhhxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-15130ghsaADVISORY
- github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456cghsax_refsource_MISCWEB
- github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhxghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.