GHSA-56r6-ccm5-8hg3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-56r6-ccm5-8hg3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-56r6-ccm5-8hg3/GHSA-56r6-ccm5-8hg3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-56r6-ccm5-8hg3
- Published
- 2025-07-21T14:20:40Z
- Modified
- 2025-07-21T14:20:40Z
- Severity
-
- 8.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Alchemy Non-SMA and Webauthn Account Security Advisory
- Details
-
Impact
A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted.
Patches
Please direct creation of new wallets to either
createSemiModularAccountonAccountFactory.solorcreateWebAuthnAccountonWebAuthnFactory.sol. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-287" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-07-21T14:20:40Z" }- References
-
- https://github.com/alchemyplatform/modular-account/security/advisories/GHSA-56r6-ccm5-8hg3
- https://github.com/alchemyplatform/aa-sdk/commit/b343437a9e4a833c25fed7bc8785a815cbbae0ee
- https://github.com/alchemyplatform/modular-account/commit/2352c9b692935ba97d98619cb31ba1653eee241f
- https://github.com/alchemyplatform/modular-account
Affected packages
npm / @account-kit/smart-contracts
Package
- Name
- @account-kit/smart-contracts
- View open source insights on deps.dev
- Purl
- pkg:npm/%40account-kit/smart-contracts