Homepage

slpjs@0.22.2 vulnerabilities

Simple Ledger Protocol (SLP) JavaScript Library

  • latest version

    0.27.11

  • latest non vulnerable version

    0.27.11

  • first published

    6 years ago

  • latest version published

    4 years ago

  • licenses detected

  • View slpjs package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the slpjs package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Incorrect Comparison

    slpjs is a JavaScript Library for validating and building Simple Ledger Protocol (SLP) token transactions

    Affected versions of this package are vulnerable to Incorrect Comparison. There is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification.

    How to fix Incorrect Comparison?

    Upgrade slpjs to version 0.27.4 or higher.

    <0.27.4
    • H
    Improper Validation

    slpjs is a JavaScript Library for validating and building Simple Ledger Protocol (SLP) token transactions

    Affected versions of this package are vulnerable to Improper Validation. Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton.

    How to fix Improper Validation?

    Upgrade slpjs to version 0.27.2 or higher.

    <0.27.2
    Go back to all versions of this package