PT-2026-41648 · Cpan · Net::Statsd::Lite
Published
2026-05-18
·
Updated
2026-05-20
·
CVE-2026-8788
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Net::Statsd::Lite versions prior to 0.10.0
Description
Net::Statsd::Lite for Perl allows metric injections because the
set add() function does not validate values for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject additional statsd metrics.Recommendations
Update to version 0.10.0 or later.
As a temporary workaround, restrict the use of the
set add() function with untrusted input.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Net::Statsd::Lite