QwikSec

Security Database

CVE

CWE

Training

CVE-2026-45179

Published: May 10, 2026

Modified: May 12, 2026

PUBLISHED

Description

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no longer logged to statsd unless configured. When configured, an HMAC signature of the IP address is logged instead.

Vendor	Product	Versions
RRWO	Plack::Middleware::Statsd	affected `0 - < 0.9.0`

Weaknesses (CWE)

References

https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm-665p-w2xx

vendor-advisory

https://metacpan.org/release/RRWO/Plack-Middleware-Statsd-v0.9.0/changes

release-notes

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.