{"url":"http://public2.vulnerablecode.io/api/packages/380630?format=json","purl":"pkg:nuget/moq@4.20.2","type":"nuget","namespace":"","name":"moq","version":"4.20.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.20.2","latest_non_vulnerable_version":"4.20.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360981?format=json","vulnerability_id":"VCID-ud89-ws2p-4yg8","summary":"Moq v4.20.0-rc to 4.20.1 share hashed user data\nMoq v4.20.0-rc to 4.20.1 include support for [SponsorLink](https://github.com/devlooped/SponsorLink), which runs an obfuscated DLL at build time that scans local `git config` data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this.\n\nMoq v4.20.2 has removed this functionality.","references":[{"reference_url":"https://github.com/moq/moq","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moq/moq"},{"reference_url":"https://github.com/moq/moq/issues/1374","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moq/moq/issues/1374"},{"reference_url":"https://github.com/moq/moq/pull/1363","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moq/moq/pull/1363"},{"reference_url":"https://github.com/moq/moq/pull/1375","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moq/moq/pull/1375"},{"reference_url":"https://www.cazzulino.com/sponsorlink.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cazzulino.com/sponsorlink.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380630?format=json","purl":"pkg:nuget/moq@4.20.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/moq@4.20.2"}],"aliases":["GHSA-6r78-m64m-qwcf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud89-ws2p-4yg8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/moq@4.20.2"}