7.5
CVSS V3
Ion Java StackOverflow vulnerability
A potential denial-of-service issue exists in ion-java
 for applications that use ion-java
 to:
IonValue
 model and then invoke certain IonValue
 methods on that in-memory representation.An actor could craft Ion data that, when loaded by the affected application and/or processed using the IonValue
 model, results in a StackOverflowError
 originating from the ion-java
 library.
Impacted versions: <1.10.5
The patch is included in ion-java
>= 1.10.5.
Do not load data which originated from an untrusted source or that could have been tampered with. Only load data you trust.
If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.