oss-sec mailing list archives
CVE-2024-54016: compression bomb attack in Apache Seata Server
From: Min Ji <jimin () apache org>
Date: Wed, 19 Mar 2025 15:33:56 +0000
Severity: Low

Affected versions:

- Apache Seata (incubating) through <=2.2.0

Description:

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating).

This issue affects Apache Seata (incubating): through <=2.2.0.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.

Credit:

yyjLF () proton me (finder)

References:

https://seata.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-54016
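
The weakness class named in the description, data amplification from highly compressed input, is usually contained by capping decompressed output while streaming. The following Java example is added here for illustration; it is not code from the advisory or from Apache Seata, and it is not the 2.3.0 fix. The class name, the use of gzip, the 1 MiB limit and the sample inputs are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

public class BoundedGunzip {
    // Hypothetical cap: size it to the largest legitimate message.
    static final int MAX_DECOMPRESSED_BYTES = 1 << 20; // 1 MiB

    /** Inflates gzip data, aborting as soon as the output exceeds maxBytes. */
    static byte[] decompress(byte[] compressed, int maxBytes) throws IOException {
        try (GZIPInputStream in = new GZIPInputStream(new ByteArrayInputStream(compressed));
             ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            byte[] buf = new byte[8192];
            int total = 0;
            int n;
            while ((n = in.read(buf)) != -1) {
                total += n;
                // Check before buffering so memory use stays near the cap.
                if (total > maxBytes) {
                    throw new IOException("decompressed size exceeds " + maxBytes + " bytes");
                }
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        }
    }

    /** Helper used only to build the constructed sample inputs below. */
    static byte[] gzip(byte[] data) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (GZIPOutputStream gz = new GZIPOutputStream(bos)) {
            gz.write(data);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: a small message and a highly compressible 8 MiB buffer.
        byte[] small = gzip("sample message body".getBytes(StandardCharsets.UTF_8));
        byte[] large = gzip(new byte[8 << 20]);
        System.out.println("small: " + decompress(small, MAX_DECOMPRESSED_BYTES).length + " bytes");
        System.out.println("large input on the wire: " + large.length + " bytes");
        try {
            decompress(large, MAX_DECOMPRESSED_BYTES);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The cap is enforced on bytes actually produced rather than on any length field in the input, since a declared size is attacker-controlled.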
