24 matches found
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Jira Software Data Center and Server
This High severity DoS (Denial of Service) vulnerability, known as CVE-2024-21634, was introduced in 9.12.1 of Jira Software Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to take...
EUVD-2024-0219
Malicious code in bioql PyPI...
ion-java: ion-java: Ion Java StackOverflow vulnerability
A vulnerability was found in Amazon Ion, an implementation of Ion data notation. Ion-java may be affected by denial of service (DoS) due to issues while deserializing encoded data into IonValue. A maliciously crafted Ion data structure may be processed and cause a StackOverflowError, leaving the...
ion-java: ion-java: Ion Java StackOverflow vulnerability
A vulnerability was found in Amazon Ion, an implementation of Ion data notation. Ion-java may be affected by denial of service (DoS) due to issues while deserializing encoded data into IonValue. A maliciously crafted Ion data structure may be processed and cause a StackOverflowError, leaving the...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2024-21634
A vulnerability was found in Amazon Ion, an implementation of Ion data notation. Ion-java may be affected by denial of service (DoS) due to issues while deserializing encoded data into IonValue. A maliciously crafted Ion data structure may be processed and cause a StackOverflowError, leaving the...
Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Apache Commons Compress and ion-java.
Summary: commons-compress and ion-java are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details: CVEID: CVE-2024-26308. DESCRIPTION: Apache Commons Compress is vulnerab...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service due to Apache Commons Compress and ion-java.
Summary: commons-compress and ion-java are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details: CVEID: CVE-2024-26308. DESCRIPTION: Apache Commons Compress is...
Security Bulletin: There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-21634)
Summary: There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2024-21634. DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a...
Security Bulletin: IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634.
Summary: IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-21634. DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a...
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server
This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bitbucket Data Center and Server
This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 7.21.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, and 8.18.0 of Bitbucket Data Center and Server...
Stack Overflow
Ion Java is vulnerable to Stack Overflow. The vulnerability is due to improper validation while deserializing Ion text encoded data, or deserializing Ion text or binary encoded data into an IonValue model. This issue can be exploited by an attacker via crafted malicious Ion data, resulting in...
Design/Logic Flaw
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...
CVE-2024-21634 Ion Java StackOverflow vulnerability
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...
CVE-2024-21634 Ion Java StackOverflow vulnerability
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...
CVE-2024-21634 Ion Java StackOverflow vulnerability
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...
CVE-2024-21634
CVE-2024-21634 is a DoS in Amazon Ion’s Java implementation (ion-java) prior to 1.10.5, triggered when deserializing Ion text/binary data into IonValue and invoking certain IonValue methods, leading to StackOverflowError. The issue is fixed in ion-java 1.10.5. In Jira Software Data Center/Server,...
org.partiql:partiql-coverage (>=0.13.1 <=1.0.0-perf.1), org.partiql:partiql-eval (=1.0.0-perf.1) +1 more potentially affected by CVE-2024-21634 via com.amazon.ion:ion-java (=1.10.2)
com.amazon.ion:ion-java MAVEN version =1.10.2 is affected by a known vulnerability. The following packages have a transitive dependency on com.amazon.ion:ion-java and may be impacted: - org.partiql:partiql-coverage =0.13.1, =0.13.1, =1.0.0-perf.1 Source cves: CVE-2024-21634 Source advisory:...
GHSA-264P-99WQ-F4J6 Ion Java StackOverflow vulnerability
Impact: A potential denial-of-service issue exists in ion-java for applications that use ion-java to: deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could...