FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cassandra3 -- arbitrary code execution

Affected packages
cassandra3 < 3.11.13

Details

VuXML ID 60624f63-9180-11ed-acbe-b42e991fc52e
Discovery 2022-02-11
Entry 2023-01-11

Marcus Eriksson reports:

When running Apache Cassandra with the following configuration:

    enable_user_defined_functions: true
    enable_scripted_user_defined_functions: true
    enable_user_defined_functions_threads: false

it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this.
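
A defensive check for the combination described above, as an added example that is not part of the advisory or of Apache Cassandra: it reads the three settings from the text of a cassandra.yaml and compares the installed version against 3.11.13. The defaults applied to absent keys and the names `read_flags`, `audit` and `SAMPLE` are assumptions of this example.

```python
import re

# The three settings and values the advisory lists as the exploitable combination.
RISKY = {
    "enable_user_defined_functions": True,
    "enable_scripted_user_defined_functions": True,
    "enable_user_defined_functions_threads": False,
}
# Assumption: effective value when a key is absent from cassandra.yaml.
DEFAULTS = {
    "enable_user_defined_functions": False,
    "enable_scripted_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}
FIXED_IN = (3, 11, 13)  # from the advisory: cassandra3 < 3.11.13

def read_flags(yaml_text):
    """Return the effective value of the three top-level boolean settings."""
    flags = dict(DEFAULTS)
    for line in yaml_text.splitlines():
        # Unindented "key: value" only; a trailing "# comment" is dropped.
        m = re.match(r"(\w+)\s*:\s*([^#]*)", line)
        if m and m.group(1) in flags:
            value = m.group(2).strip().lower()
            flags[m.group(1)] = value in ("true", "yes", "on")
    return flags

def audit(version, yaml_text):
    """Return (config_matches_advisory, version_is_affected)."""
    flags = read_flags(yaml_text)
    config_matches = all(flags[k] == v for k, v in RISKY.items())
    # Only major.minor.patch is compared; a port revision suffix is ignored.
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return config_matches, parts < FIXED_IN

# Constructed sample input, not taken from a real cluster.
SAMPLE = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true   # scripted UDFs
#enable_user_defined_functions_threads: true
enable_user_defined_functions_threads: false
"""

if __name__ == "__main__":
    matches, affected = audit("3.11.12", SAMPLE)
    print("config matches advisory:", matches, "| affected version:", affected)
```

A host needs attention when both values are true; either upgrading to 3.11.13 or changing any one of the three settings away from the listed value makes the check return false for that side.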

References

CVE Name CVE-2021-44521
URL https://www.cvedetails.com/cve/CVE-2021-44521