8.2

CVE-2026-50637

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl do not protect against metric injections

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl do not protect against metric injections.

The statsd protocol (and extensions) allow multiple metrics, separated by newlines, to be sent per packet.

The send method does not validate the contents of the metric names or values. If the names contain newlines and statsd control characters (colon, pipe), then metric injections are possible.

Version 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes.
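
The injection and the name check described above, as an added example in Perl (not code from Metrics::Any::Adapter::Statsd or its author). The helper names, the sample metric names and the simplified receiver-side parser are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers for illustration; not the module's own code.

# Name rule the advisory describes for 0.04: reject characters below
# ASCII 32 (which includes newline), colons and pipes.
sub is_safe_metric_name {
    my ($name) = @_;
    return 0 unless defined($name) && length($name);
    return ($name !~ /[\x00-\x1f:|]/) ? 1 : 0;
}

# Pre-fix behaviour: the name is interpolated into "name:value|type" as-is.
sub format_unchecked {
    my ($name, $value, $type) = @_;
    return "$name:$value|$type";
}

# Post-fix behaviour: refuse to build a datagram from an unsafe name.
sub format_checked {
    my ($name, $value, $type) = @_;
    die "unsafe metric name\n" unless is_safe_metric_name($name);
    return "$name:$value|$type";
}

# Simplified receiver: one metric per newline-separated line.
sub parse_packet {
    my ($packet) = @_;
    my @metrics;
    for my $line (split /\n/, $packet) {
        next unless $line =~ /\A([^:]+):([^|]+)\|(\w+)/;
        push @metrics, { name => $1, value => $2, type => $3 };
    }
    return @metrics;
}

# Constructed sample: a metric name derived from untrusted input.
my $tainted = "http.requests.home:1|c\nbilling.revenue";

my @seen = parse_packet(format_unchecked($tainted, 1, 'c'));
printf "unchecked: receiver sees %d metric(s)\n", scalar @seen;
printf "  %s = %s (%s)\n", @{$_}{qw(name value type)} for @seen;

my $ok = eval { format_checked($tainted, 1, 'c'); 1 };
print "checked: ", ($ok ? "accepted\n" : "rejected: $@");
print "checked: ", format_checked("http.requests.home", 1, 'c'), "\n";
```

The unchecked path turns one intended counter into two metrics at the receiver, while the checked path rejects the same name before anything is sent.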
Data provided by the National Vulnerability Database (NVD)
Pevans | Metrics::any::adapter::statsd | SwPlatform perl | Version < 0.04
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.32% | 0.24
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.2 | 3.9 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

https://www.cve.org/CVERecord?id=CVE-2026-46719
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-46720
Third Party Advisory
https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes
Release Notes
https://www.cve.org/CVERecord?id=CVE-2026-46739
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-50638
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-50639
Third Party Advisory