CPANSA-Net-Statsd-Lite-2026-8788: Net-Statsd-Lite vulnerability

Publisher giterlizzi Document category csaf_security_advisory
Initial release date 2026-05-18T00:00:00 Engine CSAF Perl Toolkit 0.26
Current release date 2026-05-18T00:00:00 Build Date
Current version 1 Status final
CVSS v3.1 Base Score 7.3 Severity
Original language Language en
Also referred to

Vulnerability Description

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names.

Vulnerabilities

CVE-2026-8788

Vulnerability Description

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections.

The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names.

Weakness CWE-93 : Improper Neutralization of CRLF Sequences ('CRLF Injection')

Product status

Known affected
Product Score
Net-Statsd-Lite less than or equal 0.10.0
CVSS Version CVSS Vector CVSS Base Score CVSS Base Severity
3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.3 High
Fixed

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

Revision history

Version Date of the revision Summary of the revision
1 Mon May 18 00:00:00 2026 First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/