Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.

The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Basic Information

ID CVE-2026-46719

Source CPANSec

Published May 16, 2026 at 13:37

Modified May 19, 2026 at 12:51

Affected Product

Vendor RRWO

Product Net::Statsd::Lite

Affected Versions RRWO Net::Statsd::Lite 0

CWE Classification

CWE-93

References

{
    "lastseen": "",
    "description": "Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.\n\nThe metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.",
    "published": "2026-05-16T13:37:22.000Z",
    "modified": "2026-05-19T12:51:28.945Z",
    "type": "cve",
    "title": "Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections",
    "source": "CPANSec",
    "references": "https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.9.0/changes\nhttps://github.com/robrwo/Net-Statsd-Lite/commit/e1a8ab866d75c2827982134e9cf7e51a7f771153.patch",
    "id": "CVE-2026-46719",
    "bulletinFamily": "",
    "cwe": [
        "CWE-93"
    ],
    "cvelist": null,
    "sourceData": "RRWO Net::Statsd::Lite 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Net::Statsd::Lite",
    "version": "0",
    "vendor": "RRWO",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections_CVE-2026-46719