In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT…
GitHub_M·CWE-697·Published 2020-05-12
In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens, which would result in the destruction of a user's minting baton. This has been fixed in slp-validate version 1.2.1. Additionally, slpjs version 0.27.2 has a related fix, tracked under the related CVE-2020-11071.
### Impact

Users could experience false-negative validation outcomes for [MINT](https://github.com/simpleledger/slp-specifications/blob/master/slp-token-type-1.md#mint---extended-minting-transaction) transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton.

### Patches

npm package [slp-validate](https://www.npmjs.com/package/slp-validate) has been patched and published as version 1.2.1.

### Workarounds

Upgrade to slp-validate 1.2.1.

### References

* slp-validate [commit](https://github.com/simpleledger/slp-validate/commit/cde95c0c6470dceb4f023cd462f904135ebd73e7)

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [slp-validate](https://github.com/simpleledger/slp-validate/issues)
| CVSS version | Type | Source | Base score | Exploitability score | Impact score | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| 3.1 | Primary | cve.org | 8.6 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
| 3.1 | Primary | NVD | 8.6 | 3.9 | 4.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
| 3.1 | Secondary | GHSA | 8.6 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
| 3.1 | Secondary | NVD | 8.6 | 3.9 | 4.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |