CVE-2024-54016: Apache Seata Vulnerable to Data Amplification

March 20, 2025 (updated March 21, 2025)

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating).

This issue affects Apache Seata (incubating): through <=2.2.0.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.

References

github.com/advisories/GHSA-65vg-64g8-mwjr
github.com/apache/incubator-seata
lists.apache.org/thread/grn0x8tmssx07qc9z50lwgmrkwzrrhzg
nvd.nist.gov/vuln/detail/CVE-2024-54016

Code Behaviors & Features

Detect and mitigate CVE-2024-54016 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →