6.5
CVE-2026-50639
- EPSS 0.26%
- Veröffentlicht 10.06.2026 19:16:37
- Zuletzt bearbeitet 23.06.2026 15:45:15
- Quelle 9b29abf9-4ab0-4765-b253-1875cd
- CVE-Watchlists
- Unerledigt
LoginMetrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections
Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _labels function does not check tags labels newlines or statsd control characters. The labels can be used for metric injections.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pevans ≫ Metrics::any::adapter::signalfx SwPlatformperl Version < 0.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.176 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes
https://www.cve.org/CVERecord?id=CVE-2026-50637
https://www.cve.org/CVERecord?id=CVE-2026-9270
https://www.cve.org/CVERecord?id=CVE-2026-50638