Name of the Vulnerable Software and Affected Versions Moq versions 4.20.0-rc through 4.20.1

Description The issue concerns the inclusion of SponsorLink in certain versions of Moq, which runs an obfuscated DLL at build time. This DLL scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this functionality.

Recommendations For Moq versions 4.20.0-rc through 4.20.1, update to Moq version 4.20.2 or later, which has removed the SponsorLink functionality.