Skip to content

Moq v4.20.0-rc to 4.20.1 share hashed user data

Low severity GitHub Reviewed Published Aug 10, 2023 to the GitHub Advisory Database • Updated Aug 25, 2023

Package

nuget moq (NuGet)

Affected versions

>= 4.20.0-rc, < 4.20.2

Patched versions

4.20.2

Description

Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this.

Moq v4.20.2 has removed this functionality.

References

Published to the GitHub Advisory Database Aug 10, 2023
Reviewed Aug 10, 2023
Last updated Aug 25, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-6r78-m64m-qwcf

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.