CVE-2020-11071

Name: CVE-2020-11071
Creator: NVD / NIST
Published: 2020-05-12T01:15:11.15+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10EPSS 0.93%

Last modified Jun 17, 2026

CVE-2020-11071 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. EPSS estimates a 0.93% chance of exploitation in the next 30 days.

Description

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2.

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS Probability

0.93%

56.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Simpleledger	Slpjs	< 0.27.2

References

https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754Patch, Tool Signature
https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6Tool Signature
https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754Patch, Tool Signature
https://github.com/simpleledger/slpjs/security/advisories/GHSA-jc83-cpf9-q7c6Tool Signature

Timeline

Published: May 12, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-11071?

How severe is CVE-2020-11071?

CVE-2020-11071 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 0.93% probability of exploitation in the next 30 days.

How do I fix CVE-2020-11071?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11071?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST