CVE-2026-40069
HIGH 7.5
Description
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. This vulnerability is fixed in 0.8.2.
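The fail-open check described above next to a fail-closed one, as an added Ruby example; it is not code from the SDK or from the fix commit. The helper names, the `ACCEPTED` allowlist and the sample response bodies are assumptions constructed for illustration; only the `txStatus` / `extraInfo` fields and the failure statuses come from the description.

```ruby
require 'json'

# Hypothetical helpers for illustration; not the SDK's API.
# Denylist as the advisory describes the affected versions: only these two
# statuses count as failure, so every other value passes as success.
LEGACY_FAILURES = %w[REJECTED DOUBLE_SPEND_ATTEMPTED].freeze

def legacy_broadcast_ok?(body)
  !LEGACY_FAILURES.include?(body['txStatus'].to_s)
end

# Failure statuses named in the advisory.
KNOWN_FAILURES = (LEGACY_FAILURES + %w[INVALID MALFORMED MINED_IN_STALE_BLOCK]).freeze
# Assumption: the statuses this application accepts as a successful broadcast.
ACCEPTED = %w[SEEN_ON_NETWORK MINED].freeze

# Fail closed: success only for an allowlisted status with no ORPHAN marker.
def strict_broadcast_ok?(body)
  status = body['txStatus'].to_s.upcase
  extra  = body['extraInfo'].to_s.upcase
  return false if KNOWN_FAILURES.include?(status)
  return false if status.include?('ORPHAN') || extra.include?('ORPHAN')

  ACCEPTED.include?(status)
end

# Constructed sample response bodies (not captured from a real ARC endpoint).
SAMPLES = [
  '{"txStatus":"SEEN_ON_NETWORK","extraInfo":""}',
  '{"txStatus":"REJECTED"}',
  '{"txStatus":"INVALID"}',
  '{"txStatus":"MALFORMED"}',
  '{"txStatus":"MINED_IN_STALE_BLOCK"}',
  '{"txStatus":"SEEN_IN_ORPHAN_MEMPOOL"}',
  '{"txStatus":"SEEN_ON_NETWORK","extraInfo":"ORPHAN"}',
  '{}'
].freeze

# Responses the denylist reports as success but the strict check refuses.
def misclassified(samples)
  samples.map { |s| JSON.parse(s) }
         .select { |b| legacy_broadcast_ok?(b) && !strict_broadcast_ok?(b) }
end

misclassified(SAMPLES).each { |b| puts "fail-open: #{b.to_json}" } if $PROGRAM_NAME == __FILE__
```

An application that cannot upgrade immediately can apply a check of this shape to the raw response before acting on a reported broadcast success; the same comparison run over stored responses shows which past broadcasts were reported as successful without having been accepted.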
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 4/9/2026
Last Modified: 4/13/2026
Source: nvd
Honeypot Sightings: 0
Weaknesses (CWE)
CWE-754
References
https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc (security-advisories@github.com)
https://github.com/sgbett/bsv-ruby-sdk/issues/305 (security-advisories@github.com)
https://github.com/sgbett/bsv-ruby-sdk/pull/306 (security-advisories@github.com)
https://github.com/sgbett/bsv-ruby-sdk/releases/tag/v0.8.2 (security-advisories@github.com)
https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-9hfr-gw99-8rhx (security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.