GHSA-56r6-ccm5-8hg3

Опубликовано: 21 июл. 2025

Источник: github

Github: Прошло ревью

CVSS4: 8

Описание

Alchemy Non-SMA and Webauthn Account Security Advisory

Impact

A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted.

Patches

Please direct creation of new wallets to either createSemiModularAccount on AccountFactory.sol or createWebAuthnAccount on WebAuthnFactory.sol.

Ссылки

https://github.com/alchemyplatform/modular-account/security/advisories/GHSA-56r6-ccm5-8hg3
https://github.com/alchemyplatform/aa-sdk/commit/b343437a9e4a833c25fed7bc8785a815cbbae0ee
https://github.com/alchemyplatform/modular-account/commit/2352c9b692935ba97d98619cb31ba1653eee241f

Пакеты

Наименование

@account-kit/smart-contracts

npm

Затронутые версииВерсия исправления

>= 4.42.0, <= 4.51.0

4.52.0

8 High

CVSS4

Дефекты

CWE-287

8 High

CVSS4

Дефекты

CWE-287