By weakness (CWE)
CWE-150: related vulnerabilities
CVEs classified under CWE-150. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-46741HIGH 7.5
Etsy::StatsD, a Perl library used to send monitoring metrics to StatsD servers, fails to properly validate metric names and values before transmission. An attacker who controls data that flows into the application's metrics can inject malicious StatsD commands by embedding newlines, colons, or pipes—characters that have special meaning in the StatsD protocol. This allows injection of unauthorized metrics that could disrupt monitoring, mask real alerts, or degrade observability infrastructure.
- CVE-2026-46739MEDIUM 5.3
Net::Statsd is a Perl library used to send metrics to statsd monitoring servers. Versions before 0.13 fail to validate metric names and values, allowing an attacker to inject arbitrary statsd commands by crafting malicious metric input. If an application uses Net::Statsd to process untrusted data—such as user-supplied values or data from external APIs—an attacker can inject additional metrics into the monitoring stream, potentially corrupting metrics, creating false alerts, or degrading visibility into system health.