CVE-2024-54016

CVE-2024-54016: compression bomb attack in Apache Seata Server

Vendor Apache Software Foundation

Product Apache Seata (incubating)

Weakness CWE-409

Published March 20, 2025

Last update March 20, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

Key dates

Disclosure timeline

March 20, 2025 CVE published

March 20, 2025 Record updated