PT-2026-41426 · Cpan · Net::Statsd::Lite
Published
2026-05-16
·
Updated
2026-06-19
·
CVE-2026-46719
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Net::Statsd::Lite versions prior to 0.9.0
Description
Net::Statsd::Lite for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This enables metrics generated from untrusted sources to inject additional statsd metrics.
Recommendations
Update to version 0.9.0 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Net::Statsd::Lite