{"uuid": "f85079b7-0cdb-47fe-bea8-026aa024c872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-264P-99WQ-F4J6", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18539", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21634\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in\u00a0`ion-java`\u00a0for applications that use\u00a0`ion-java`\u00a0to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the\u00a0`IonValue`\u00a0model and then invoke certain\u00a0`IonValue`\u00a0methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the\u00a0`IonValue`\u00a0model, results in a\u00a0`StackOverflowError`\u00a0originating from the\u00a0`ion-java`\u00a0library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.\n\ud83d\udccf Published: 2024-01-03T22:46:03.585Z\n\ud83d\udccf Modified: 2025-06-16T19:45:37.088Z\n\ud83d\udd17 References:\n1. https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6", "creation_timestamp": "2025-06-16T20:37:27.000000Z"}