CVE-2026-9270 is a critical vulnerability in DataDog::DogStatsd versions through 0.07 for Perl. The vulnerability allows metric injections from untrusted sources due to improper input sanitization. The `send_stats` method does not remove newlines from metric names, validate the content of the value, or validate the content of the tags, allowing attackers to change the metric name prefix, inject metrics, a [truncated]
CVE-2026-11362 is a critical vulnerability in DataDog::DogStatsd versions through 0.07 for Perl. The issue arises from the library's failure to properly sanitize input, allowing metric injections of data from untrusted sources. Specifically, the format_event method, used by the event method, does not validate the content of tags. This oversight enables attackers to inject tags, potentially leading to metr [truncated]
