GHSA-HC36-C89J-5F4J bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...