GHSA-6r78-m64m-qwcf

Source

https://github.com/advisories/GHSA-6r78-m64m-qwcf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-6r78-m64m-qwcf/GHSA-6r78-m64m-qwcf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6r78-m64m-qwcf

Published

2023-08-10T19:25:23Z

Modified

2024-12-01T05:31:02.237947Z

Summary

Moq v4.20.0-rc to 4.20.1 share hashed user data

Details

Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this.

Moq v4.20.2 has removed this functionality.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": null,
    "github_reviewed_at": "2023-08-10T19:25:23Z",
    "severity": "LOW",
    "cwe_ids": []
}

References

Affected packages

NuGet / moq

Package

Name: moq; View open source insights on deps.dev
Purl: pkg:nuget/moq

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.20.0-rc

Fixed

4.20.2

Affected versions

4.*

4.20.0-rc

4.20.0

4.20.1