Amazon Ion
Recent Amazon Ion Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-04-29 | CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP | April 29, 2026 |
| 2026-04-29 | Issue with FreeRTOS-Plus-TCP - MAC Address Validation Bypass and ICMP Echo Reply Integer Underflow | April 29, 2026 |
| 2026-04-27 | CVE-2026-7191 - Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS | April 27, 2026 |
| 2026-04-20 | CVE-2026-6550 - Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python | April 20, 2026 |
| 2026-04-17 | CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver | April 17, 2026 |
| 2026-03-19 | CVE-2026-4428: Issues with AWS-LC - CRL Distribution Point Scope Check Logic Error | March 19, 2026 |
| 2026-03-17 | Arbitrary code execution via crafted project files in Kiro IDE | March 17, 2026 |
| 2026-03-16 | CVE-2026-4269 - Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit | March 16, 2026 |
| 2026-03-16 | CVE-2026-4270 - AWS API MCP File Access Restriction Bypass | March 16, 2026 |
| 2026-01-09 | CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper | January 9, 2026 |
By the Year
In 2026 there have been 0 vulnerabilities in Amazon Ion. Ion did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.50 |
It may take a day or so for new Ion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Amazon Ion Security Vulnerabilities
Amazon Ion Java Library DoS via IonText Deserialization prior to 1.10.5
CVE-2024-21634
7.5 - High
January 03, 2024
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.
Allocation of Resources Without Limits or Throttling