Net::Statsd::Lite Metric Injection Vulnerability
Vulnerability
A vulnerability in Net::Statsd::Lite for Perl, affecting versions prior to 0.9.0, allowed metric injection. Metric names were not validated before being placed into the StatsD datagram, so a name taken from an untrusted source could inject additional StatsD metrics. Specifically, names could contain newlines, colons, or pipes, none of which are permitted by the StatsD protocol (a newline separates metrics, and ':' and '|' delimit the value and type fields).
Impact
Exploitation of this vulnerability could lead to unauthorized metric injection, allowing attackers to manipulate or disrupt monitoring and logging systems that rely on StatsD for metric collection.
Remediation
Users can upgrade to Net::Statsd::Lite version 0.9.0 or later, where this vulnerability has been addressed. The updated version is available on CPAN.
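The following Perl snippet is an added illustration of the issue and its fix, not code from Net::Statsd::Lite itself. It formats a StatsD line, shows how an unvalidated name containing a newline yields a second metric, and applies a name check of the kind the remediation requires; the validator and the sample name are assumptions constructed for this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Build one StatsD datagram line in the wire format "name:value|type".
# Illustrative only; this is not Net::Statsd::Lite's implementation.
sub statsd_line {
    my ($name, $value, $type) = @_;
    return sprintf "%s:%s|%s", $name, $value, $type;
}

# Reject names that could break out of a single line or field:
# "\n"/"\r" start a new metric, ':' and '|' delimit value and type.
# Hypothetical check; the real 0.9.0 validation may differ in detail.
sub valid_metric_name {
    my ($name) = @_;
    return 0 unless defined $name && length $name;
    return 0 if $name =~ /[\r\n:|]/;
    return 1;
}

# Validate before formatting; refuse rather than emit a malformed datagram.
sub safe_statsd_line {
    my ($name, $value, $type) = @_;
    die "invalid metric name\n" unless valid_metric_name($name);
    return statsd_line($name, $value, $type);
}

# Constructed sample: an untrusted name carrying an embedded newline.
my $untrusted = "login.count\ninjected.metric:1|c";

# Without validation the single call produces two metric lines.
my @lines = split /\n/, statsd_line($untrusted, 1, "c");
printf "unvalidated datagram carries %d metric line(s)\n", scalar @lines;

# With validation the same input is rejected.
eval { safe_statsd_line($untrusted, 1, "c"); 1 } or do {
    chomp(my $err = $@);
    print "validated: rejected ($err)\n";
};

# A well-formed name is passed through unchanged.
print "validated: ", safe_statsd_line("login.count", 1, "c"), "\n";
```

The check can also be applied at the receiving side or in log review: any datagram from a single client call that splits into more than one line is a sign of unvalidated names upstream.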
Vulnerability Rating
