Home > Vulnerability Database > CVE-2024-37154

Mend.io Vulnerability Database

CVE-2024-37154

Date: June 6, 2024

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 and earlier.

Language: Go

Severity Score

5.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37154

Url: https://github.com/evmos/evmos/security/advisories/GHSA-7hrh-v6wp-53vw

Url: https://github.com/evmos/evmos

Url: https://pkg.go.dev/vuln/GO-2024-2904

Url: https://www.mend.io/vulnerability-database/CVE-2024-37154

Severity Score

5.3

Weakness Type (CWE)

Improper Authorization

CWE-285

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37154

Date: June 6, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?