CVE-2020-11014

Опубликовано: 28 апр. 2020

Источник: nvd

CVSS3: 6.1

CVSS3: 8.6

CVSS2: 6.4

EPSS Низкий

Описание

Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability to issue new tokens or permanently destroy future minting capability. This is fixed version 3.6.2.

Ссылки

https://github.com/kristovatlas/rfc/blob/master/bips/bip-li01.mediawiki
Third Party Advisory
https://github.com/simpleledger/Electron-Cash-SLP/commit/ea3912c3d508ba81b280ef7d78648464f7f76fb8
Patch
Third Party Advisory
https://github.com/simpleledger/Electron-Cash-SLP/issues/126
Third Party Advisory
https://github.com/simpleledger/Electron-Cash-SLP/security/advisories/GHSA-cchm-grx2-g873
Third Party Advisory
https://github.com/kristovatlas/rfc/blob/master/bips/bip-li01.mediawiki
Third Party Advisory
https://github.com/simpleledger/Electron-Cash-SLP/commit/ea3912c3d508ba81b280ef7d78648464f7f76fb8
Patch
Third Party Advisory
https://github.com/simpleledger/Electron-Cash-SLP/issues/126
Third Party Advisory
https://github.com/simpleledger/Electron-Cash-SLP/security/advisories/GHSA-cchm-grx2-g873
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simpleledger:electron-cash-slp:*:*:*:*:*:*:*:*

Версия до 3.6.2 (исключая)

EPSS

Процентиль: 52%

0.00292

Низкий

6.1 Medium

CVSS3

8.6 High

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

EPSS

Процентиль: 52%

0.00292

Низкий

6.1 Medium

CVSS3

8.6 High

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo