Etsy
Monthly
Metric injection in the Etsy::StatsD Perl module (versions through 1.002002) allows remote attackers to inject arbitrary statsd metrics by supplying input containing unescaped newlines, colons, or pipe characters to metric names or values. Applications that build metrics from untrusted sources (HTTP parameters, user identifiers, log fields) can be coerced into emitting forged measurements, corrupting downstream monitoring, dashboards, and alerting. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.
Metric injection in the Etsy::StatsD Perl module (versions through 1.002002) allows remote attackers to inject arbitrary statsd metrics by supplying input containing unescaped newlines, colons, or pipe characters to metric names or values. Applications that build metrics from untrusted sources (HTTP parameters, user identifiers, log fields) can be coerced into emitting forged measurements, corrupting downstream monitoring, dashboards, and alerting. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.