{"id":"CVE-2020-15131","details":"In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2.","aliases":["GHSA-6jmr-jfh7-xg3h"],"modified":"2026-03-13T21:59:52.698430Z","published":"2020-07-30T15:15:13.150Z","related":["GHSA-6jmr-jfh7-xg3h"],"references":[{"type":"ADVISORY","url":"https://github.com/simpleledger/slp-validate.js/security/advisories/GHSA-6jmr-jfh7-xg3h"},{"type":"FIX","url":"https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/simpleledger/slp-validate","events":[{"introduced":"0"},{"fixed":"f11c934e9cf1272c74f6ea2485d062e18b073fcb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.2"}]}},{"type":"GIT","repo":"https://github.com/simpleledger/slp-validate.js","events":[{"introduced":"0"},{"fixed":"3963cf914afae69084059b82483da916d97af65c"}]}],"versions":["1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15131.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}