Etsy::StatsD versions through 1.002002 for Perl allow metric injections.
The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inje
Net::Statsd versions before 0.13 for Perl allow metric injections.
The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional sta
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources co
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections.
The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inje
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.
The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject addi
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions) allow mutiple metrics, separated by newlines, to be sent p
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections.
The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sourc
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics, separated by n
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections.
Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd.
Newlines are not removed fro
Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics, separated by ne
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections.
DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources.
The send_st
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags.
DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sourc
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids.
If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on anot
Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses.
If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.
Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.
A file handle is opened with the 2 argument form of `open()` allowing an
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources ve
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.
As stated in the documentation: "If the lengths of
Page 1+ Next →