CVE-2026-46740

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.<br /> <br /> The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.<br /> <br /> Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).