Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Etsy::StatsD versions through 1.002002 for Perl allow metric injections
Vulnerability Description
Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.
CVSS Information
N/A
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
Etsy::StatsD 安全漏洞
Vulnerability Description
Etsy::StatsD是statsd开源的一个应用性能监控与指标采集组件。 Etsy::StatsD 1.002002及之前版本存在安全漏洞,该漏洞源于指标名称和值未检查换行符、冒号或管道,可能导致从不可信来源生成的指标注入额外statsd指标。
CVSS Information
N/A
Vulnerability Type
N/A