Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.
Metrics
Affected Vendors & Products
References
History
Tue, 01 Oct 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat jboss Enterprise Application Platform |
|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:8.0 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
Vendors & Products |
Redhat
Redhat jboss Enterprise Application Platform |
Tue, 13 Aug 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-03T22:46:03.585Z
Updated: 2024-08-01T22:27:35.757Z
Reserved: 2023-12-29T03:00:44.955Z
Link: CVE-2024-21634
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-03T23:15:08.943
Modified: 2024-11-21T08:54:46.287
Link: CVE-2024-21634
Redhat