Skip to content

Validation Bypass in slp-validate

Critical severity GitHub Reviewed Published Nov 15, 2019 in simpleledger/slp-validate.js • Updated Jan 9, 2023

Package

npm slp-validate (npm)

Affected versions

= 1.0.0

Patched versions

1.0.1

Description

Versions of slp-validate prior to 1.0.1 are vulnerable to a validation bypass. Bitcoin scripts may cause the validation result from slp-validate to differ from the specified SLP consensus. This allows an attacker to create a Bitcoin script that causes a hard-fork from the SLP consensus.

Recommendation

Upgrade to version 1.0.1 or later.

References

@jcramer jcramer published to simpleledger/slp-validate.js Nov 15, 2019
Published to the GitHub Advisory Database Nov 15, 2019
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

Critical

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(34th percentile)

Weaknesses

CVE ID

CVE-2019-16761

GHSA ID

GHSA-wmx6-vxcf-c3gr

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.