HIGHCVE-2026-45180Published Modified CNA CPANSec
CVE-2026-45180: Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- RRWO / Catalyst::Plugin::Statsd≤ 0.10.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences