CVE-2026-50637
Severity:
Pending analysis
Type:
CWE-93
Improper neutralization of carriage return and line feed (CRLF) sequences
Publication date:
10/06/2026
Last modified:
10/06/2026
Description
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl do not protect against metric injections.

The statsd protocol (and extensions) allow multiple metrics, separated by newlines, to be sent per packet.

The send method does not validate the contents of the metric names or values. If the names have newlines and statsd control characters (colon, pipe) then metric injections are possible.

Version 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes.
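
The name check described above, sketched in Perl as an added example. This is not the module's own code: `checked_metric_name`, `statsd_line`, `metrics_in_packet` and the sample names are hypothetical and constructed for illustration, and the `<name>:<value>|<type>` line layout is the basic statsd form.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper (not the module's _make): reject names containing
# characters below ASCII 32 (newline included), colons or pipes.
sub checked_metric_name {
    my ($name) = @_;
    die "metric name is undefined or empty\n"
        unless defined $name && length $name;
    die "metric name contains a control character, colon or pipe\n"
        if $name =~ /[\x00-\x1f:|]/;
    return $name;
}

# Build one statsd line "<name>:<value>|<type>" from a validated name.
sub statsd_line {
    my ($name, $value, $type) = @_;
    return sprintf '%s:%s|%s', checked_metric_name($name), $value, $type;
}

# Count the metrics a receiver would see: a packet is split on newlines.
sub metrics_in_packet {
    my ($packet) = @_;
    return scalar grep { length } split /\n/, $packet;
}

# Constructed sample names; the second carries an embedded newline.
my @samples = ("app.requests", "app.requests:1|c\napp.other");

for my $name (@samples) {
    (my $shown = $name) =~ s/\n/\\n/g;

    # Formatting with no validation, to show what the receiver would parse.
    my $raw = "${name}:1|c";
    printf "%-32s unvalidated packet holds %d metric(s)\n",
        $shown, metrics_in_packet($raw);

    # The same name passed through the check.
    my $line = eval { statsd_line($name, 1, 'c') };
    if (defined $line) {
        print "  accepted: $line\n";
    } else {
        chomp(my $err = $@);
        print "  rejected: $err\n";
    }
}
```

The check covers metric names only, matching the fix as described; the description also notes that values are not validated by the send method.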



