CyberSec.Space Logo
CVEブラウザに戻る

CVE-2026-50638

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile15.24th
Published2026年6月10日
Last Modified2026年6月11日

Vulnerability Description

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _tags function does not check tags for newlines or statsd control characters. The tags can be used for metric injections.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes
🔗 https://www.cve.org/CVERecord?id=CVE-2026-50637
🔗 https://www.cve.org/CVERecord?id=CVE-2026-9270

関連する脆弱性情報

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...