We've got two distinct vulnerabilities in two very different kinds of setups:
  • the bx seed subcommand in the Libbitcoin Explorer generated unsafe seeds due to low entropy. It doesn't seem to affect too many wallets, but it is referenced as a way to generate a new seed in Mastering Bitcoin, and has hence been used as such. Source
  • a series of 0-day vulnerabilities has been found in the most widely used implementations of multi-party computation (MPC) and affects over 15 wallet providers, although the affected MPC implementations are mostly used in shitcoin wallets (see this list). Source
Regarding the Milk Sad/bx vulnerability, Libbitcoin maintainer Eric Voskuil commented that the GitHub wiki appropriately warned that the command should not be used in production. The question remains whether this warning was made sufficiently visible, and why and how this command ended up in Mastering Bitcoin without this warning.
How do Sparrow Wallet and Electrum generate their randomness?
Projects Using Libbitcoin: Airbitz, Bitprim, Cancoin, Chip-Chap, Darkleaks, Darkwallet, Darkmarket, Mastering_Bitcoin, Metaverse, OpenBazaar, Teechan
That's fire 🔥