x/vulndb: potential Go vuln in github.com/spacemeshos/api: GHSA-jcqq-g64v-gcm7

[GoVulnBot]

In GitHub Security Advisory GHSA-jcqq-g64v-gcm7, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/spacemeshos/api	1.37.1	< 1.37.1

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/spacemeshos/api
      versions:
        - fixed: 1.5.2-hotfix1
      packages:
        - package: github.com/spacemeshos/go-spacemesh
    - module: github.com/spacemeshos/api
      versions:
        - fixed: 1.37.1
      vulnerable_at: 1.37.0
      packages:
        - package: github.com/spacemeshos/api
summary: |-
    Previous ATX is not checked to be the newest valid ATX by Smesher when
    validating incoming ATX in github.com/spacemeshos/api
cves:
    - CVE-2024-34360
ghsas:
    - GHSA-jcqq-g64v-gcm7
references:
    - advisory: https://github.com/spacemeshos/go-spacemesh/security/advisories/GHSA-jcqq-g64v-gcm7
    - fix: https://github.com/spacemeshos/api/commit/1d5bd972bbe225d024c3e0ae5214ddb6b481716e
    - fix: https://github.com/spacemeshos/go-spacemesh/commit/9aff88d54be809ac43d60e8a8b4d65359c356b87
    - web: https://spacemesh.io/blog/spacemesh-white-paper-1
source:
    id: GHSA-jcqq-g64v-gcm7

[gopherbot]

Change https://go.dev/cl/585075 mentions this issue: data/reports: add GO-2024-2831.yaml