Vulnerability DatabaseWS-2023-0282
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0282
December 01, 2024
Moq v4.20.0 and 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality.
Related Resources (7)
https://github.com/moq/moq/issues/1374
https://github.com/moq/moq/pull/1375
https://github.com/moq/moq/pull/1363
https://github.com/moq/moq
https://github.com/advisories/GHSA-6r78-m64m-qwcf
https://www.cazzulino.com/sponsorlink.html
https://github.com/moq/moq/commit/a7dcd43c3ca192ad3dcc813f4ddedae96914fe26
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE