CVE-2026-45179

Published: Mag 10, 2026 Last Modified: Mag 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses.

If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked.

Since version 0.9.0, the IP address is no longer logged to statsd unless configured. When configured, an HMAC signature of the IP address is logged instead.

319

Cleartext Transmission of Sensitive Information

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality

Potential Impacts:

Read Application Data Modify Files Or Directories Other

Applicable Platforms

Technologies: Cloud Computing, ICS/OT, Mobile, Not Technology-Specific, System on Chip, Test/Debug Hardware

Likelihood of Exploit: High

View CWE Details

https://github.com/robrwo/Plack-Middleware-Statsd/security/…

https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm…

https://metacpan.org/release/RRWO/Plack-Middleware-Statsd-v…

https://metacpan.org/release/RRWO/Plack-Middleware-Statsd-v0.9.0/changes

http://www.openwall.com/lists/oss-security/2026/05/10/4

CVE-2026-45179

Description

Cleartext Transmission of Sensitive Information

Common Consequences

Applicable Platforms

Iscriviti alla newsletter