CVE-2026-46741

EPSS 0.26%
Veröffentlicht 04.06.2026 15:54:48
Zuletzt bearbeitet 08.06.2026 16:33:05
Quelle 9b29abf9-4ab0-4765-b253-1875cd
CVE-Watchlists
Login
Unerledigt
Login

Etsy::StatsD versions through 1.002002 for Perl allow metric injections

Etsy::StatsD versions through 1.002002 for Perl allow metric injections.

The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sanbeg ≫ Etsy::statsd SwPlatformperl Version <= 1.002002

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.173

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

https://www.cve.org/CVERecord?id=CVE-2026-46719

Third Party Advisory

https://www.cve.org/CVERecord?id=CVE-2026-46720

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-46741

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-46741

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-46741

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-46741