DirectorySecurity Advisories
Sign In
Security Advisories

CGA-gmp3-7m33-2h3v

Published

Last updated

https://images.chainguard.dev/security/CGA-gmp3-7m33-2h3v
Package

druid

Latest Update
Pending upstream fix
Aliases
  • CVE-2021-44521
  • GHSA-8ffc-79xg-29w8

Severity

9.1

Critical

CVSS V3

Summary

Apache Cassandra vulnerable to Code Injection due to unsafe configuration

Description

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation