CPAN · Net::Statsd · CVE-2026-46739
**Name of the Vulnerable Software and Affected Versions**
Net::Statsd versions prior to 0.13
**Description**
Net::Statsd for Perl allows metric injection because metric names are not validated for newlines, colons, or pipes. As a result, metrics generated from untrusted sources can inject additional statsd metrics. Specifically, the `update_stats()` function (used for updating counters) and the `gauge()` function do not verify that values are numeric, a check that would otherwise prevent such injections.
**Recommendations**
Update to version 0.13 or later.
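The checks the description refers to, sketched as an added example (not code from Net::Statsd or its 0.13 release): an allow-list for metric names and a numeric check for values, applied before a statsd line of the form `<name>:<value>|<type>` is built. The helper names, the character allow-list, the 200-character limit and the sample inputs are assumptions made for this example.

```perl
use strict;
use warnings;

# Hypothetical helpers, not part of Net::Statsd. The allow-list and the
# 200-character limit are assumptions chosen for this example.

# Metric names: ASCII letters, digits, dot, underscore, hyphen only, so the
# newline, colon and pipe delimiters cannot appear. \z (not $) is used so a
# trailing newline does not slip through.
sub valid_metric_name {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A[A-Za-z0-9_.-]{1,200}\z/ ? 1 : 0;
}

# Metric values: plain decimal numbers with optional sign and fraction.
sub valid_metric_value {
    my ($value) = @_;
    return 0 unless defined $value;
    return $value =~ /\A[+-]?[0-9]+(?:\.[0-9]+)?\z/ ? 1 : 0;
}

# Build one "<name>:<value>|<type>" line, or die if any field is malformed.
sub format_metric {
    my ($name, $value, $type) = @_;
    die "invalid metric name\n"  unless valid_metric_name($name);
    die "invalid metric value\n" unless valid_metric_value($value);
    die "invalid metric type\n"  unless defined($type) && $type =~ /\A(?:c|g|ms)\z/;
    return sprintf '%s:%s|%s', $name, $value, $type;
}

# Constructed sample inputs, as they might arrive from an untrusted source.
my @samples = (
    [ 'web.requests',          '1',              'c' ],  # well-formed
    [ "web.requests\nother.a", '1',              'c' ],  # newline in name
    [ 'web.requests:99|g',     '1',              'c' ],  # colon and pipe in name
    [ 'queue.depth',           "5|g\nother.b:1", 'g' ],  # non-numeric value
);

for my $sample (@samples) {
    my $line = eval { format_metric(@$sample) };
    chomp(my $error = $@);
    (my $shown = "$sample->[0] => $sample->[1]") =~ s/\n/\\n/g;
    printf "%-45s %s\n", $shown, defined($line) ? "ok: $line" : "rejected: $error";
}
```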