PT-2026-43429 · Rrwo+1 · Mojolicious::Plugin::Statsd+1
Robert Rothenberg
·
Published
2026-05-26
·
Updated
2026-06-19
·
CVE-2026-46740
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mojolicious::Plugin::Statsd versions prior to 0.06
Description
This issue allows metric injections when processing data from untrusted sources. The software fails to validate metric names and set values for the presence of newlines, colons, or pipes, which can be used to inject additional statsd metrics.
Recommendations
Update Mojolicious::Plugin::Statsd to version 0.06 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mojolicious::Plugin::Statsd
Perl-Mojolicious-Plugin-Statsd