Etsy::StatsD versions through 1.002002 for Perl allow metric injections

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

Etsy::StatsD versions through 1.002002 for Perl allow metric injections.

The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.

Basic Information

ID CVE-2026-46741

Source CPANSec

Published Jun 4, 2026 at 15:54

Modified Jun 4, 2026 at 17:41

Affected Product

Vendor SANBEG

Product Etsy::StatsD

Affected Versions SANBEG Etsy::StatsD 0

CWE Classification

CWE-93

References

{
    "lastseen": "",
    "description": "Etsy::StatsD versions through 1.002002 for Perl allow metric injections.\n\nThe metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.\n\nNote that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.",
    "published": "2026-06-04T15:54:48.934Z",
    "modified": "2026-06-04T17:41:32.496Z",
    "type": "cve",
    "title": "Etsy::StatsD versions through 1.002002 for Perl allow metric injections",
    "source": "CPANSec",
    "references": "https://www.cve.org/CVERecord?id=CVE-2026-46719\nhttps://www.cve.org/CVERecord?id=CVE-2026-46720",
    "id": "CVE-2026-46741",
    "bulletinFamily": "",
    "cwe": [
        "CWE-93"
    ],
    "cvelist": null,
    "sourceData": "SANBEG Etsy::StatsD 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Etsy::StatsD",
    "version": "0",
    "vendor": "SANBEG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Etsy::StatsD versions through 1.002002 for Perl allow metric injections_CVE-2026-46741