Ion Amazon Ion

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Amazon Ion.

Recent Amazon Ion Security Advisories

Advisory Title Published
2025-01-23 Issue with AWS Sign-in IAM User Login Flow – Possible Username Enumeration (CVE-2025-0693) January 23, 2025
2024-10-21 CVE-2024-8901 - missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio October 21, 2024
2024-10-21 CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore October 21, 2024
2023-10-06 Issue with Amazon WorkSpaces Windows Client Version 5.9 and 5.10 October 6, 2023
2023-08-08 CVE-2023-20569 - RAS Poisoning - Inception August 8, 2023
2022-01-13 Reported AWS CloudFormation Issue January 13, 2022
2022-01-13 Reported AWS CloudFormation Issue January 13, 2022
2021-12-23 AWSSupportServiceRolePolicy Informational Update December 23, 2021
2021-04-26 Resolved: Application Load Balancer Session Ticket Issue April 26, 2021

By the Year

In 2025 there have been 0 vulnerabilities in Amazon Ion. Last year, in 2024 Ion had 1 security vulnerability published. Right now, Ion is on track to have less security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 1 7.50
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Ion vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Amazon Ion Security Vulnerabilities

Amazon Ion is a Java implementation of the Ion data notation

CVE-2024-21634 7.5 - High - January 03, 2024

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.

Allocation of Resources Without Limits or Throttling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Amazon Ion or by Amazon? Click the Watch button to subscribe.

Amazon
Vendor

Amazon Ion
Product

subscribe