CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2026-50637

HIGH
8.2
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile25.20th
Published2026年6月10日
Last Modified2026年6月11日

Vulnerability Description

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the names have newlines and statsd control characters (colon, pipe) then metric injections are possible. Version 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes
🔗 https://www.cve.org/CVERecord?id=CVE-2026-46719
🔗 https://www.cve.org/CVERecord?id=CVE-2026-46720
🔗 https://www.cve.org/CVERecord?id=CVE-2026-46739

相關漏洞威脅

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...