BIT-cassandra-2021-44521

Import Source
https://github.com/bitnami/vulndb/tree/main/data/cassandra/BIT-cassandra-2021-44521.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-cassandra-2021-44521
Aliases
Published
2024-03-06T10:50:58.097Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

When running Apache Cassandra with the following configuration:

    enable_user_defined_functions: true
    enable_scripted_user_defined_functions: true
    enable_user_defined_functions_threads: false

it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / cassandra

Package

Name
cassandra
Purl
pkg:bitnami/cassandra

Severity

  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
3.0.0
Fixed
3.0.26
Introduced
3.11.0
Fixed
3.11.12
Introduced
4.0.0
Fixed
4.0.2