Home > Vulnerability Database > WS-2023-0282

Mend.io Vulnerability Database

WS-2023-0282

Good to know:

Date: August 8, 2023

Moq v4.20.0 and 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality.

Language: C#

Severity Score

4.3

Related Resources (3)

Url: https://github.com/moq/moq/commit/a7dcd43c3ca192ad3dcc813f4ddedae96914fe26

Url: https://github.com/advisories/GHSA-6r78-m64m-qwcf

Url: https://www.mend.io/vulnerability-database/WS-2023-0282

Severity Score

4.3

Weakness Type (CWE)

Embedded Malicious Code

CWE-506

Top Fix

Upgrade Version

Upgrade to version Moq - 4.20.2,4.20.69

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0282

Good to know:

Date: August 8, 2023

Language: C#

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?