Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Mojolicious::Plugin::Statsd

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2026-46740
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 22:48
Updated-28 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).

Action-Not Available
Vendor-RRWO
Product-Mojolicious::Plugin::Statsd
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')