GSA_kwCzR0hTQS01NnI2LWNjbTUtOGhnM84ABKVI

High CVSS: 8.0

Alchemy Non-SMA and Webauthn Account Security Advisory

Affected package: npm:@account-kit/smart-contracts
Affected versions: >= 4.42.0, <= 4.51.0
Fixed version: 4.52.0
0 Dependent packages
0 Dependent repositories
85,536 Downloads last month

Affected Version Ranges

All affected versions

4.42.0, 4.43.0, 4.43.1, 4.44.0, 4.45.0, 4.46.0, 4.46.1, 4.47.0, 4.48.0, 4.49.0, 4.50.0, 4.50.1, 4.51.0

All unaffected versions

4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.11.0, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0, 4.17.0, 4.18.0, 4.19.0, 4.20.0, 4.20.1, 4.21.0, 4.22.0, 4.23.0, 4.23.1, 4.24.0, 4.25.0, 4.25.1, 4.26.0, 4.27.0, 4.28.0, 4.28.1, 4.28.2, 4.28.3, 4.29.0, 4.30.0, 4.31.0, 4.31.1, 4.31.2, 4.32.0, 4.33.0, 4.34.0, 4.34.1, 4.35.0, 4.35.1, 4.36.0, 4.36.1, 4.37.0, 4.38.0, 4.39.0, 4.40.0, 4.41.0, 4.52.0, 4.52.1

Impact

A potential security issue in the factory's old account deployment functions has been mitigated. Smart wallets in use on all existing supported networks are not impacted.

Patches

Please direct creation of new wallets to either createSemiModularAccount on AccountFactory.sol or createWebAuthnAccount on WebAuthnFactory.sol.