← volver
CVE-2026-11373

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections

CVSS 9.1 CRITICALEPSS 0.4%CWE-150CWE-93
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
JASEI · Net::Statsite::Client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://armon.github.io/statsitehttps://metacpan.org/release/JASEI/Net-Statsite-Client-1.1.0/view/lib/Net/Statsite/Client.pmhttps://security.metacpan.org/patches/N/Net-Statsite-Client/1.1.0/CVE-2026-11373-r1.patchhttps://www.cve.org/CVERecord?id=CVE-2026-46719https://www.cve.org/CVERecord?id=CVE-2026-46720https://www.cve.org/CVERecord?id=CVE-2026-46739