When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-02-11T12:20:12

Updated: 2024-08-04T04:25:16.640Z

Reserved: 2021-12-02T00:00:00

Link: CVE-2021-44521

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-11T13:15:07.907

Modified: 2024-11-21T06:31:09.090

Link: CVE-2021-44521

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-02-11T00:00:00Z

Links: CVE-2021-44521 - Bugzilla