NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-50638

Summary	Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _tags function does not check tags for newlines or statsd control characters. The tags can be used for metric injections.
Publication Date	June 11, 2026, 4:16 a.m.
Registration Date	June 12, 2026, 4:16 a.m.
Last Update	June 11, 2026, 5:19 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes	9b29abf9-4ab0-4765-b253-1875cd9b441e
2	https://www.cve.org/CVERecord?id=CVE-2026-50637	9b29abf9-4ab0-4765-b253-1875cd9b441e
3	https://www.cve.org/CVERecord?id=CVE-2026-9270	9b29abf9-4ab0-4765-b253-1875cd9b441e

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-93	CRLF インジェクション	https://cwe.mitre.org/data/definitions/93.html