CPANSA-Plack-Middleware-Statsd-2026-45179: Plack-Middleware-Statsd vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2026-05-10T00:00:00 | Engine | CSAF Perl Toolkit 0.26 |
| Current release date | 2026-05-10T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 5.3 | Severity | |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no longer logged to statsd unless configured. When configured, an HMAC signature of the IP address is logged instead.
Vulnerabilities
CVE-2026-45179
Vulnerability DescriptionPlack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses.
If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked.
Since version 0.9.0, the IP address is no longer logged to statsd unless configured. When configured, an HMAC signature of the IP address is logged instead.
| Weakness | CWE-319 : Cleartext Transmission of Sensitive Information |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Plack-Middleware-Statsd less than 0.9.0 |
|
Fixed
- Plack-Middleware-Statsd greater than or equal 0.9.0
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Plack-Middleware-Statsd-2026-45179 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2026/cpansa-plack-middleware-statsd-2026-45179.json - https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm-665p-w2xx external
https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm-665p-w2xx - https://metacpan.org/release/RRWO/Plack-Middleware-Statsd-v0.9.0/changes external
https://metacpan.org/release/RRWO/Plack-Middleware-Statsd-v0.9.0/changes - http://www.openwall.com/lists/oss-security/2026/05/10/4 external
http://www.openwall.com/lists/oss-security/2026/05/10/4 - CVE-2026-45179 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2026-45179
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Sun May 10 00:00:00 2026 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/