What is GHSA-vqfg-jwcg-58ww?

GHSA-vqfg-jwcg-58ww is a security advisory published by GitHub Security Advisories with High severity. Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and...

Which CVE IDs does GHSA-vqfg-jwcg-58ww cover?

GHSA-vqfg-jwcg-58ww covers the following CVE IDs: CVE-2026-46720. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vqfg-jwcg-58ww?

GHSA-vqfg-jwcg-58ww has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-vqfg-jwcg-58wwHighCVSS 8.2

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and...

Vendor

GitHub Security Advisories

Published

May 17, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-46720 →

📋 Description

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-46720
https://github.com/robrwo/Net-Statsd-Tiny/commit/06f814f52fbcc0b2afddf7a2d6f8137fd3cede13.patch
https://metacpan.org/release/RRWO/Net-Statsd-Tiny-v0.3.8/changes
https://www.cve.org/CVERecord?id=CVE-2026-46719
https://github.com/advisories/GHSA-vqfg-jwcg-58ww