CVE-2024-54016

MEDIUM

Apache Seata <2.3.0 - Data Amplification

Title source: llm

Description

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

References (2)

Scores

CVSS v3 4.3
EPSS 0.0039
EPSS Percentile 59.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE
CWE-409
Status published

Affected Products (2)

apache/seata < 2.3.0
org.apache.seata/seata-parent < 2.3.0Maven

Timeline

Published Mar 20, 2025
Tracked Since Feb 18, 2026