26 matches found
EUVD-2026-36105
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
PT-2026-48519
Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::Statsd versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol allows multiple metrics to be sent per packet, separated by newlines. The send method fails to valida...
CVE-2026-9270
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...
CVE-2026-11362 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The formatevent method used by the event method does not validate the content of the tags, whi...
CVE-2026-9270 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...
DataDog::DogStatsd 安全漏洞
DataDog::DogStatsd is a Perl monitoring client library developed by DataDog Corporation that supports the DogStatsD protocol. Versions of DataDog::DogStatsd prior to 0.07 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of inputs, the sendstats method not...
Linux Distros Unpatched Vulnerability : CVE-2026-46739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from...
CVE-2026-46739
Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...
CVE-2026-46739
Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...
EUVD-2026-34188
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
Etsy::StatsD 安全漏洞
Etsy::StatsD is an open-source application performance monitoring and metric collection component developed by statsd. Etsy::StatsD versions 1.002002 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in metric...
Net::Statsd::Lite 安全漏洞
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.13 contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in...
CVE-2026-8722
Net::Async::Statsd::Client (Perl) is affected up to version 0.005. The issue arises from unvalidated metric names that may contain newlines, colons, or pipes, allowing metric injections. No exploitation details are provided in the documents, and no remediation version is specified here; upgrading...
PT-2026-46078
Name of the Vulnerable Software and Affected Versions Net::Async::Statsd::Client versions prior to 0.006 Description Net::Async::Statsd::Client for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted...
CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
EUVD-2026-32021
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
Mojolicious::Plugin::Statsd 安全漏洞
Mojolicious::Plugin::Statsd is a plugin developed by Robert Rothenberg, designed to send application metrics to Statsd. Versions of Mojolicious::Plugin::Statsd 0.04 and earlier contain security vulnerabilities. These vulnerabilities arise from the lack of checks for line breaks, colons, or pipes ...
CVE-2026-46719
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...