CVE-2024-32873: evmos allows transferring unvested tokens after delegations

June 6, 2024

This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts.

References

github.com/advisories/GHSA-pxv8-qhrh-jc7v
github.com/evmos/evmos
github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb
github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v
nvd.nist.gov/vuln/detail/CVE-2024-32873

Detect and mitigate CVE-2024-32873 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →