3:02
À : dev@cassandra.apache.org<mailto:dev@cassandra.apache.org>
Objet :Re: CVE-2021-44521: Apache Cassandra: Remote code execution for scripted
UDFs
Does this issue exist on the packaged Apache Cassandra 40X ?
Yes, it does. Cheers!
>
> Does this issue exist on the packaged Apache Cassandra 40X ?
>
Yes, it does. Cheers!
is
fallen,
Regards.
Dorian Rosse.
From: Marcus Eriksson
Sent: Friday, February 11, 2022 11:01:38 AM
To: annou...@apache.org ; dev@cassandra.apache.org
Subject: CVE-2021-44521: Apache Cassandra: Remote code execution for scripted
UDFs
Severity: high
Description
Severity: high
Description:
When running Apache Cassandra with the following configuration:
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false
it is possible for an attacker to execute arbitrary code on the host. The
