RRWO Net::Statsd::Lite
- < 0.9.0
A vulnerability in Net::Statsd::Lite for Perl, affecting versions prior to 0.10.0, allowed metric injection. The issue arose because the set_add method did not validate metric names against newlines, colons, or pipes, the characters that delimit fields and separate metrics in StatsD data. As a result, input from untrusted sources that reached a metric name could inject additional StatsD metrics.
Exploitation of this vulnerability could lead to unauthorized metric injections, allowing manipulation of StatsD data.
Users can upgrade to Net::Statsd::Lite version 0.10.1 or later, where this vulnerability has been addressed. Version 0.9.0 also fixed a similar issue related to metric name validation.
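The following Perl sketch shows why unvalidated newlines, colons, and pipes in a metric name matter, and how a caller-side check rejects them. It is an added example, not code from Net::Statsd::Lite. The helpers format_metric, safe_name, and metric_count are hypothetical, the "name:value|type" line layout is the common StatsD format assumed here, and the sample names are constructed.

```perl
#!/usr/bin/env perl
# Added example: not code from Net::Statsd::Lite. All helper names below are
# hypothetical and only model the StatsD "name:value|type" line format.
use strict;
use warnings;

# Naive formatter: builds one StatsD line with no validation of the name,
# which is the condition the advisory describes.
sub format_metric {
    my ($name, $value, $type) = @_;
    return "$name:$value|$type";
}

# Guard: reject names that are empty or contain a StatsD delimiter
# (newline, colon, or pipe). Dies so the caller cannot ignore the failure.
sub safe_name {
    my ($name) = @_;
    die "invalid metric name\n"
        if !defined $name || $name eq '' || $name =~ /[\n:|]/;
    return $name;
}

# Count the metrics a receiver would parse out of one payload
# (metrics in a payload are newline-separated).
sub metric_count {
    my ($payload) = @_;
    return scalar grep { length } split /\n/, $payload;
}

# Constructed sample inputs: a normal name, and a name taken from
# untrusted input that carries delimiters and an embedded newline.
my @names = ('visitors.unique', "visitors.unique:1|s\nlogins.failed");

for my $name (@names) {
    # Without validation, the second name turns one call into two metrics.
    my $raw = format_metric($name, 'user42', 's');
    printf "unvalidated: %d metric(s) in payload\n", metric_count($raw);

    # With validation, the same name is refused before anything is sent.
    my $checked = eval { format_metric(safe_name($name), 'user42', 's') };
    print defined $checked ? "validated:   accepted\n"
                           : "validated:   rejected\n";
}
```

Upgrading the module remains the fix. A check like safe_name is a defense-in-depth measure for code paths where request data, usernames, or other external strings end up in metric names.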