Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02cjc4LW02NG0tcXdjZs4AA1OC
Moq v4.20.0-rc to 4.20.1 share hashed user data
Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this.
Moq v4.20.2 has removed this functionality.
Permalink: https://github.com/advisories/GHSA-6r78-m64m-qwcfJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cjc4LW02NG0tcXdjZs4AA1OC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 9 months ago
Updated: 8 months ago
Identifiers: GHSA-6r78-m64m-qwcf
References:
- https://github.com/moq/moq/issues/1374
- https://github.com/moq/moq/pull/1363
- https://github.com/moq/moq/pull/1375
- https://www.cazzulino.com/sponsorlink.html
- https://github.com/advisories/GHSA-6r78-m64m-qwcf
Blast Radius: 0.0
Affected Packages
nuget:moq
Dependent packages: 16Dependent repositories: 632
Downloads: 599,224,056 total
Affected Version Ranges: >= 4.20.0-rc, < 4.20.2
Fixed in: 4.20.2
All affected versions: 4.20.0, 4.20.0-rc, 4.20.1
All unaffected versions: 4.0.10827, 4.5.0, 4.5.3, 4.5.7, 4.5.8, 4.5.9, 4.5.10, 4.5.13, 4.5.16, 4.5.18, 4.5.19, 4.5.20, 4.5.21, 4.5.22, 4.5.23, 4.5.28, 4.5.29, 4.5.30, 4.6.0, 4.7.0, 4.7.1, 4.7.7, 4.7.8, 4.7.9, 4.7.10, 4.7.11, 4.7.12, 4.7.25, 4.7.46, 4.7.49, 4.7.58, 4.7.63, 4.7.99, 4.7.127, 4.7.137, 4.7.142, 4.7.145, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.9.0, 4.10.0, 4.10.1, 4.11.0, 4.12.0, 4.13.0, 4.13.1, 4.14.0, 4.14.1, 4.14.2, 4.14.3, 4.14.4, 4.14.5, 4.14.6, 4.14.7, 4.15.1, 4.15.2, 4.16.0, 4.16.1, 4.17.1, 4.17.2, 4.18.0, 4.18.1, 4.18.2, 4.18.3, 4.18.4, 4.20.2, 4.20.69, 4.20.70