CVE-2026-8722 PUBLISHED

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

Assigner: CPANSec
Reserved: 16.05.2026 Published: 03.06.2026 Updated: 03.06.2026

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections.

The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Product Status

Vendor TEAM
Product Net::Async::Statsd::Client
Versions Default: unaffected
  • affected from 0 to 0.005 (incl.)

Workarounds

Ensure only trusted data is submitted to metrics.
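One way to apply this workaround at the call site is to validate metric names before they reach the client. The following is an added example, not code from Net::Async::Statsd::Client or from the advisory. The function names and sample inputs are hypothetical, and it assumes the usual statsd line format of "name:value|type" with one metric per line.

```perl
use strict;
use warnings;

# Strict check: accept only names built from an allow-list of characters.
# The allow-list excludes newline, colon and pipe, the three characters the
# advisory names, because they delimit fields and metrics in a statsd payload.
sub assert_safe_metric_name {
    my ($name) = @_;
    die "metric name is undefined or empty\n"
        unless defined $name && length $name;
    # \A and \z anchor to the real start and end of the string. A trailing
    # "$" would still match before a final newline and let one through.
    die "metric name has characters outside [A-Za-z0-9_.-]\n"
        unless $name =~ /\A[A-Za-z0-9_.-]+\z/;
    return $name;
}

# Lenient alternative for one name component taken from untrusted data
# (a username, a URL path segment): replace everything outside the
# allow-list. The dot is replaced too, so the untrusted value cannot add
# levels to the metric hierarchy.
sub sanitize_metric_component {
    my ($part) = @_;
    $part = '' unless defined $part;
    $part =~ s/[^A-Za-z0-9_-]/_/g;
    return length $part ? $part : 'unknown';
}

# Constructed sample inputs, not taken from the advisory.
my @samples = (
    'api.login.success',              # plain dotted name
    "api.login\nadmin.logins:1|c",    # embedded newline, colon and pipe
    'user:42|g',                      # colon and pipe only
    "api.login.success\n",            # trailing newline only
);

for my $raw (@samples) {
    my $ok = eval { assert_safe_metric_name($raw); 1 };
    (my $shown = $raw) =~ s/\n/\\n/g;    # make newlines visible in output
    printf "%-32s strict=%-6s sanitized=%s\n",
        $shown, ($ok ? 'accept' : 'reject'),
        sanitize_metric_component($raw);
}
```

Only names that pass the strict check, or components returned by the sanitizer, should be handed to the statsd client.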

Problem Types

  • CWE-93 Improper Neutralization of CRLF Sequences