Highpopematt

#35712 of 53,624
7.5 Total CVSS
Vulnerabilities · 1
PT-2024-18985
7.5
2024-01-03
Atlassian · Confluence · CVE-2024-21634
**Name of the Vulnerable Software and Affected Versions**

- ion-java versions prior to 1.10.5
- Bitbucket Data Center and Server versions 7.21.0 through 8.18.0
- Confluence Data Center and Server versions 5.6 through 8.8.1
- Jira Software versions (affected versions not specified)
- Jira Work Management versions (affected versions not specified)

**Description**

A potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or that deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library.

**Recommendations**

- For ion-java versions prior to 1.10.5, upgrade to version 1.10.5 or later.
- For Bitbucket Data Center and Server versions 7.21.0 through 8.18.0, upgrade to the specified supported fixed versions.
- For Confluence Data Center and Server versions 5.6 through 8.8.1, upgrade to the specified supported fixed versions.
- For Jira Software and Jira Work Management, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, do not load data that originated from an untrusted source or that could have been tampered with.