CVE-2025-40928
Vendor: before
Affected products: multiple products utilizing the JSON::XS component
Executive summary
A high-severity vulnerability has been identified in the JSON::XS component used across multiple products from the vendor "before". This flaw allows a remote attacker to send specially crafted data that can cause the affected application to become unresponsive, leading to a denial-of-service condition. Organizations are urged to apply security updates immediately to prevent potential service disruptions and protect against exploitation.
Vulnerability
The vulnerability exists in the way the JSON::XS library parses JSON objects. An unauthenticated, remote attacker can craft a JSON payload containing a large number of keys whose hashes collide. When the vulnerable library parses such a payload, hash insertion degrades sharply and CPU consumption becomes excessive; this algorithmic complexity attack results in a complete denial of service (DoS) for the affected application or service.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation of this flaw can lead to significant business disruption by making critical applications and services unavailable to users, partners, and customers. The potential consequences include financial losses due to downtime, damage to brand reputation, and failure to meet Service Level Agreements (SLAs). Any internet-facing system that accepts and processes JSON input using the vulnerable library is at a high and direct risk of attack.
Remediation
Immediate Action: Upgrade the affected JSON::XS component to version 4.0 or later by applying the security updates provided by the vendor. After patching, it is critical to monitor application performance and review access logs for any signs of failed or successful exploitation attempts that may have occurred prior to remediation.
Proactive Monitoring: Security and operations teams should monitor for indicators of compromise, including sudden and sustained spikes in CPU utilization on application servers, alerts from Application Performance Monitoring (APM) tools indicating abnormally slow transaction times, and unusually large or complex JSON payloads in web server access logs (e.g., in HTTP POST requests).
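The access-log indicator described above, as an added example that is not part of the advisory: a small Python scanner that flags unusually large JSON request bodies and sources that send them repeatedly. It assumes a custom log format that records the request length (nginx's $request_length variable) and the request Content-Type; the log lines, IP addresses, paths and thresholds below are constructed for illustration.

```python
"""Scan access-log lines for oversized JSON request bodies (added example, not from the advisory)."""
import re
from collections import Counter

# Assumed log format (constructed for this example), one request per line:
#   ip - - [timestamp] "METHOD path PROTO" status request_length "content-type"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<req_len>\d+) "(?P<ctype>[^"]*)"$'
)

# Constructed sample lines: one client repeatedly posts multi-megabyte JSON bodies,
# another client sends a large non-JSON upload that should not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "POST /api/v1/orders HTTP/1.1" 200 812 "application/json"
203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] "POST /api/v1/orders HTTP/1.1" 503 2400000 "application/json"
198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 431 "-"
203.0.113.5 - - [01/Jan/2025:10:00:04 +0000] "POST /api/v1/orders HTTP/1.1" 503 2600000 "application/json"
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "POST /api/v1/upload HTTP/1.1" 200 3100000 "multipart/form-data"
this line is malformed and must be skipped, not crash the scanner
203.0.113.5 - - [01/Jan/2025:10:00:06 +0000] "POST /api/v1/orders HTTP/1.1" 503 2500000 "application/json"
"""


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["req_len"] = int(fields["req_len"])
    return fields


def find_suspicious(lines, max_json_bytes=1_000_000, repeat_threshold=3):
    """Flag JSON requests larger than max_json_bytes and clients that send
    at least repeat_threshold of them. Only JSON content types are considered,
    so large file uploads do not produce noise."""
    oversized = []
    per_ip = Counter()
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        is_json = "json" in f["ctype"].lower()
        if is_json and f["req_len"] > max_json_bytes:
            oversized.append((f["ip"], f["path"], f["req_len"], f["status"]))
            per_ip[f["ip"]] += 1
    repeat_offenders = {ip for ip, n in per_ip.items() if n >= repeat_threshold}
    return {"oversized": oversized, "repeat_offenders": repeat_offenders}


if __name__ == "__main__":
    result = find_suspicious(SAMPLE_LOG.splitlines())
    for ip, path, size, status in result["oversized"]:
        print(f"oversized JSON body: {ip} {path} {size} bytes (status {status})")
    print("repeat offenders:", sorted(result["repeat_offenders"]))
```

In production the same logic would read the live log and feed a SIEM alert; correlating these hits with the CPU spikes and slow-transaction alerts the advisory mentions is what separates a benign bulk import from an attempted complexity attack.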
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
- Deploy a Web Application Firewall (WAF) with rules to inspect and block malformed or excessively complex JSON payloads.
- Enforce strict size limits on incoming JSON request bodies at the web server or load balancer level.
- Implement rate-limiting on API endpoints that consume JSON to slow down potential brute-force or DoS attempts.
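As an added example of the size-limit control above (not code from the advisory or from JSON::XS), the following Python guard rejects a request body before it reaches the application's JSON handling: it enforces a byte limit, caps the number of keys per object, and rejects duplicate keys. The limits are assumed values to be tuned per endpoint. The byte limit is the control that bounds how much work any parser can be made to do; the key cap and duplicate-key check bound what is handed downstream, and with a vulnerable parser they must run in a front-end component that is not itself affected.

```python
"""Pre-parse guard for JSON request bodies (added example, not from the advisory)."""
import json

MAX_BODY_BYTES = 64 * 1024      # assumed limit: reject bodies larger than 64 KiB
MAX_KEYS_PER_OBJECT = 1000      # assumed limit: a single object may not carry more keys
                                # (collision payloads need very many keys in one object)


class JsonPolicyError(ValueError):
    """Raised when a body violates the size or structure policy."""


def _bounded_pairs_hook(pairs):
    """Called by json.loads for every object, with its (key, value) pairs in order.
    Enforces the per-object key cap and rejects duplicate keys, which a normal
    client never sends and which the default decoder would silently collapse."""
    if len(pairs) > MAX_KEYS_PER_OBJECT:
        raise JsonPolicyError(
            f"object has {len(pairs)} keys, limit is {MAX_KEYS_PER_OBJECT}"
        )
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise JsonPolicyError(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def load_bounded(body: bytes):
    """Parse a JSON body under the policy; raises JsonPolicyError on violation.
    The byte check runs first so an oversized body is never parsed at all."""
    if len(body) > MAX_BODY_BYTES:
        raise JsonPolicyError(f"body is {len(body)} bytes, limit is {MAX_BODY_BYTES}")
    return json.loads(body.decode("utf-8"), object_pairs_hook=_bounded_pairs_hook)


def is_acceptable(body: bytes) -> bool:
    """Convenience predicate for a WAF-style accept/reject decision."""
    try:
        load_bounded(body)
        return True
    except (JsonPolicyError, ValueError, UnicodeDecodeError):
        return False


if __name__ == "__main__":
    # Constructed inputs: a normal body, a body with too many keys, an oversized
    # body, and a body with a duplicate key.
    normal = b'{"order_id": 42, "items": [{"sku": "A1", "qty": 2}]}'
    too_many_keys = json.dumps({f"k{i}": i for i in range(MAX_KEYS_PER_OBJECT + 1)}).encode()
    oversized = b'{"note": "' + b"x" * (MAX_BODY_BYTES + 10) + b'"}'
    duplicate = b'{"a": 1, "a": 2}'
    for name, body in [("normal", normal), ("too_many_keys", too_many_keys),
                       ("oversized", oversized), ("duplicate", duplicate)]:
        print(f"{name}: {'accepted' if is_acceptable(body) else 'rejected'}")
```

The guard is deliberately strict about duplicate keys because a parser that merges them and one that keeps the last value can disagree, and that disagreement is a separate class of bug from the DoS described here; rejecting such bodies at the edge removes the ambiguity along with the oversized payloads.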
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 7.5) and the potential for significant operational disruption, we strongly recommend that organizations prioritize the immediate patching of this vulnerability. All systems utilizing the affected component, especially public-facing applications, should be updated on an expedited basis. While this vulnerability is not currently listed on the CISA KEV list, its potential impact warrants immediate attention. If patching is delayed, the compensating controls listed above should be implemented as an urgent temporary measure.