Primary

Context

Apache Seata Data Amplification Vulnerability Allowing Compression Bomb Attacks

Vulnerability

Patched

A data amplification vulnerability due to improper handling of highly compressed data has been identified in Apache Seata (incubating) versions through 2.2.0. This vulnerability can lead to a compression bomb attack, where an attacker could exploit the way the application processes compressed data, potentially causing denial-of-service conditions by exhausting resources.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, where the application becomes unresponsive or unavailable due to resource exhaustion.

Remediation

Users are advised to upgrade to Apache Seata version 2.3.0, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache Seata Data Amplification Vulnerability Allowing Compression Bomb Attacks

Vulnerability

Impact

Remediation

Affected Products

Apache Seata

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating