QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-44521

Back to search

CVE-2021-44521

Published: Feb 11, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.

VendorProductVersions

Apache Software Foundation

Apache Cassandra

affected
3.0.0 - < unspecified
affected
unspecified - < 3.0.26
affected
3.1 - < unspecified
affected
unspecified - < 3.11.12
affected
4.0.0 - < unspecified

+1 more versions

Weaknesses (CWE)

CWE-94

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now