Amazon Ion
Recent Amazon Ion Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2023-10-06 | Issue with Amazon WorkSpaces Windows Client Version 5.9 and 5.10 | October 6, 2023 |
| 2023-08-08 | CVE-2023-20569 - RAS Poisoning - Inception | August 8, 2023 |
| 2022-01-13 | Reported AWS CloudFormation Issue | January 13, 2022 |
| 2022-01-13 | Reported AWS CloudFormation Issue | January 13, 2022 |
| 2021-12-23 | AWSSupportServiceRolePolicy Informational Update | December 23, 2021 |
| 2021-04-26 | Resolved: Application Load Balancer Session Ticket Issue | April 26, 2021 |
By the Year
In 2024 there have been 1 vulnerability in Amazon Ion with an average score of 7.5 out of ten. Ion did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 7.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ion vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Amazon Ion Security Vulnerabilities
Amazon Ion is a Java implementation of the Ion data notation
CVE-2024-21634
7.5 - High
- January 03, 2024
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.
Allocation of Resources Without Limits or Throttling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Amazon Ion or by Amazon? Click the Watch button to subscribe.
