x/vulndb: potential Go vuln in github.com/evmos/evmos: CVE-2024-37154

[tatianab]

CVE-2024-37154 references github.com/evmos/evmos, which may be a Go module.

Description:
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-37154
• JSON: https://github.com/CVEProject/cvelist/tree/e076e9c24f3ede5a41143e706602e9c41139fd45/2024/37xxx/CVE-2024-37154.json
• advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-37154
• web: GHSA-7hrh-v6wp-53vw
• Imported by: https://pkg.go.dev/github.com/evmos/evmos?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/evmos/evmos
      vulnerable_at: 1.1.3
      packages:
        - package: evmos
summary: CVE-2024-37154 in github.com/evmos/evmos
cves:
    - CVE-2024-37154
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-37154
    - web: https://github.com/evmos/evmos/security/advisories/GHSA-7hrh-v6wp-53vw
source:
    id: CVE-2024-37154
    created: 2024-06-07T17:18:05.134375-04:00
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/592456 mentions this issue: data/reports: add 19 unreviewed reports

[gopherbot]

Change https://go.dev/cl/592457 mentions this issue: data/reports: add 16 unreviewed reports