You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[amazonica "0.3.166"] depends on
[com.amazonaws/aws-java-sdk "1.12.132"]
[com.amazonaws/aws-java-sdk-core "1.12.132"]
[software.amazon.ion/ion-java "1.0.2"] which has known vulnerabilities:
A potential denial-of-service issue exists in ion-java for applications that use ion-java to:
• Deserialize Ion text encoded data, or
• Deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation.
An actor could craft Ion data that, when loaded by the affected application and/or processed using the IonValue model, results in a StackOverflowError originating from the ion-java library.
[amazonica "0.3.166"] depends on
[com.amazonaws/aws-java-sdk "1.12.132"]
[com.amazonaws/aws-java-sdk-core "1.12.132"]
[software.amazon.ion/ion-java "1.0.2"] which has known vulnerabilities:
A potential denial-of-service issue exists in ion-java for applications that use ion-java to:
• Deserialize Ion text encoded data, or
• Deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation.
An actor could craft Ion data that, when loaded by the affected application and/or processed using the IonValue model, results in a StackOverflowError originating from the ion-java library.
Impacted versions: <1.10.5
https://nvd.nist.gov/vuln/detail/CVE-2024-21634
The text was updated successfully, but these errors were encountered: