bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. This vulnerability is fixed in 0.8.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

对因果或异常条件的不恰当检查

BSV Ruby SDK 代码问题漏洞

BSV Ruby SDK是Simon Bettison个人开发者的一个BSV区块链的Ruby开发工具包。 BSV Ruby SDK 0.1.0至0.8.2之前版本存在代码问题漏洞，该漏洞源于失败检测逻辑不完整，可能导致应用程序信任网络从未接受的交易。

N/A

N/A