130 matches found
CVE-2026-46740
The CVE affects Mojolicious::Plugin::Statsd up to version 0.04 for Perl, where metric names/values could be injected via untrusted sources due to unvalidated newlines/colons/pipes. The issue arises in the metrics pipeline; as of version 0.06, the module was changed to use a separate statsd client...
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
PT-2026-43429
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
Mojolicious::Plugin::Statsd 安全漏洞
Mojolicious::Plugin::Statsd is a plugin developed by Robert Rothenberg, designed to send application metrics to Statsd. Versions of Mojolicious::Plugin::Statsd 0.04 and earlier contain security vulnerabilities. These vulnerabilities arise from the lack of checks for line breaks, colons, or pipes ...
CVE-2026-46719
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-8788
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
CVE-2026-8788
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
CVE-2026-8788
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
EUVD-2026-30739
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
CVE-2026-8788 Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
CVE-2026-8788
CVE-2026-8788 affects Net::Statsd::Lite up to version 0.10.0 on Perl. The issue arises because values passed to the set_add method are not validated for newlines, colons, or pipes, allowing untrusted sources to inject additional metrics. Multiple connected sources confirm the same description acr...
CVE-2026-8788 Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
Net::Statsd::Lite 注入漏洞
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.10.0 have a vulnerability due to the setadd method not checking for line breaks, colons, or pipes, which may lead to metric...
PT-2026-41648
Name of the Vulnerable Software and Affected Versions Net::Statsd::Lite versions prior to 0.10.0 Description Net::Statsd::Lite for Perl allows metric injections because the set add function does not validate values for newlines, colons, or pipes. This allows metrics generated from untrusted sourc...
CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46720 Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46720 Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46720
Net::Statsd::Tiny for Perl is affected by CVE-2026-46720 in versions before 0.3.8. The vulnerability arises because metric names and set values are not validated for newlines, colons, or pipes, allowing metrics from untrusted sources to inject additional statsd metrics. Affected product/version: ...
Net::Statsd::Tiny 注入漏洞
Net::Statsd::Tiny is a lightweight StatsD client developed by Robert Rothenberg, which supports the aggregation of multiple metrics. Versions of Net::Statsd::Tiny prior to 0.3.8 had an injection vulnerability. This vulnerability stemmed from the lack of checks for line breaks, colons, or vertical...
CVE-2026-46719 Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...