FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cassandra3 -- arbitrary code execution

Affected packages
cassandra3 < 3.11.13


VuXML ID 60624f63-9180-11ed-acbe-b42e991fc52e
Discovery 2022-02-11
Entry 2023-01-11

Marcus Eriksson reports:

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this.


CVE Name CVE-2021-44521