CVE-2026-11373
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Description
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections.
Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd.
Newlines are not removed from metric names, allowing metric injections.
Values are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections.
Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd.
Newlines are not removed from metric names, allowing metric injections.
Values are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-93
Source
NVD
Vendor
JASEI
Product
Net::Statsite::Client
External References
- http://armon.github.io/statsite
- https://metacpan.org/release/JASEI/Net-Statsite-Client-1.1.0/view/lib/Net/Statsite/Client.pm
- https://security.metacpan.org/patches/N/Net-Statsite-Client/1.1.0/CVE-2026-11373-r1.patch
- https://www.cve.org/CVERecord?id=CVE-2026-46719
- https://www.cve.org/CVERecord?id=CVE-2026-46720
- https://www.cve.org/CVERecord?id=CVE-2026-46739
Discussion (0)
Add Comment
No comments yet. Be the first!