{"id":"CVE-2020-15130","details":"In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4.","aliases":["GHSA-cc2p-4jhr-xhhx"],"modified":"2026-03-13T22:14:46.196685Z","published":"2020-07-30T15:15:13.057Z","related":["GHSA-cc2p-4jhr-xhhx"],"references":[{"type":"ADVISORY","url":"https://github.com/simpleledger/slpjs/security/advisories/GHSA-cc2p-4jhr-xhhx"},{"type":"FIX","url":"https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/simpleledger/slpjs","events":[{"introduced":"0"},{"fixed":"66304a92a2569c9345a8c452440f984877372e11"},{"fixed":"290c20e8bff13ac81459d43e54cac232b5e3456c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.27.4"}]}}],"versions":["0.10.2","0.12.2","0.14.0","0.15.13","0.15.3","0.16.0","0.16.1","0.16.2","0.16.3","0.17.0","0.18.0","0.18.2","0.21.1","0.21.4","0.22.0","0.22.1","0.22.2","0.22.3","0.23.0","0.23.2","0.23.3","0.24.0","0.24.3","0.25.3","0.26.0","0.27.2","0.27.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15130.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}