VulnerableCode Package Details - pkg:maven/software.amazon.ion/ion-java@None

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/software.amazon.ion/ion-java@None

Essentials
History (1)

purl	pkg:maven/software.amazon.ion/ion-java@None
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-48hg-sya5-wubh Aliases: CVE-2024-21634 GHSA-264p-99wq-f4j6	Ion Java StackOverflow vulnerability A potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to: * Deserialize Ion text encoded data, or * Deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. Impacted versions: <1.10.5	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:46:47.429654+00:00	GitLab Importer	Affected by	VCID-48hg-sya5-wubh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/software.amazon.ion/ion-java/CVE-2024-21634.yml	38.6.0