CVE-2024-37154

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-37154
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37154.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-37154
Aliases
Published
2024-06-06T19:04:08.386Z
Modified
2026-03-14T12:34:20.953727Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Evmos allows unvested token delegations
Details

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37154.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-285"
    ]
}
References

Affected packages

Git / github.com/evmos/evmos

Affected ranges

Type
GIT
Repo
https://github.com/evmos/evmos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0039c64c8201bb0a0c6389712a06ffa50849e8b4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "18.1.0"
        }
    ]
}

Affected versions

v16.*
v16.0.0
v16.0.0-rc1
v16.0.0-rc2
v16.0.0-rc2.1
v16.0.0-rc4
v16.0.0-rc5
v16.0.1
v16.0.2
v16.0.3
v17.*
v17.0.0
v18.*
v18.0.0
v18.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37154.json"