Ion Java StackOverflow vulnerability

Impact A potential denial-of-service issue exists in ion-java for applications that use ion-java to: Deserialize Ion text encoded data, or Deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could...

ai.faculty:dynamic-configuration_2.11 (>=0.3.2 <=0.3.3), ai.faculty:dynamic-configuration_2.13 (=0.4.0) +5484 more potentially affected by CVE-2024-21634 via software.amazon.ion:ion-java (>=1.0.0 <=1.5.1)

software.amazon.ion:ion-java MAVEN version =1.0.0, =0.3.2, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =0.5.0, =23.9.0, =23.9.0, =23.9.0, =23.9.1 and more Source cves: CVE-2024-21634 Source...

PT-2024-18985 · Atlassian · Jira +5

Name of the Vulnerable Software and Affected Versions: ion-java versions prior to 1.10.5 Bitbucket Data Center and Server versions 7.21.0 through 8.18.0 Confluence Data Center and Server versions 5.6 through 8.8.1 Jira Software versions affected versions not specified Jira Work Management version...

Amazon Ion Security Breach

Amazon Ion is a type-rich, self-describing, hierarchical data serialization format from Amazon Amazon. It provides interchangeable binary and textual representations. A security vulnerability exists in Amazon Ion versions prior to 1.10.5, which stems from a stack overflow in Ion Java that could...