Description
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.

The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).
Published: 2026-05-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Upgrade to Mojolicious::Plugin::Statsd version 0.06 or later.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 23:15:00 +0000

Type Values Removed Values Added
Description Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).
Title Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
Weaknesses CWE-93
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-05-26T22:48:03.747Z

Reserved: 2026-05-17T18:04:31.500Z

Link: CVE-2026-46740

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-26T23:16:20.923

Modified: 2026-05-26T23:16:20.923

Link: CVE-2026-46740

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses