Data Amplification Vulnerability in Apache Seata by Apache
CVE-2024-54016

4.3 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 20 March 2025

Summary

An improper handling issue has been identified in Apache Seata, which can lead to data amplification vulnerabilities. This affects versions of the product up to and including 2.2.0. Users are advised to upgrade to version 2.3.0 to mitigate potential risks associated with this vulnerability. The issue stems from the handling of highly compressed data, which can be exploited by malicious actors to manipulate data flow and affect system operations.

Affected Version(s)

Apache Seata (incubating) 0

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
