Ion Amazon Ion

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Amazon Ion.

Recent Amazon Ion Security Advisories

Advisory Title Published
2026-07-07 CVE-2026-14904 - Improper Link Resolution in Auth.GetUserPrivateKey in AWS Research and Engineering Studio July 7, 2026
2026-07-06 CVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry July 6, 2026
2026-07-01 CVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin July 1, 2026
2026-07-01 CVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib July 1, 2026
2026-07-01 CVE-2026-13769 – Insecure file permissions in AWS CLI July 1, 2026
2026-06-29 CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF June 29, 2026
2026-06-17 CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages() June 17, 2026
2026-06-15 CVE-2026-11931 - Insecure Permissions on Authentication Token Cache File in Kiro IDE June 15, 2026
2026-06-10 CVE-2026-10740 - Excessive memory allocation in s2n-quic June 10, 2026
2026-06-10 CVE-2026-10740 - Excessive memory allocation in s2n-quic June 10, 2026

By the Year

In 2026 there have been 0 vulnerabilities in Amazon Ion. Ion did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 1 7.50

It may take a day or so for new Ion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Amazon Ion Security Vulnerabilities

Amazon Ion Java Library DoS via IonText Deserialization prior to 1.10.5
CVE-2024-21634 7.5 - High - January 03, 2024

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.

Allocation of Resources Without Limits or Throttling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Amazon Ion or by Amazon? Click the Watch button to subscribe.

Amazon
Vendor

Amazon Ion
Product

subscribe