[MAVEN:GHSA-W7F2-GJXF-2GM9] Improper Neutralization of Special Elements used in a Command in Apache Cassandra

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

ID: MAVEN:GHSA-W7F2-GJXF-2GM9
Severity: high
URL: https://github.com/advisories/GHSA-w7f2-gjxf-2gm9
Published: 2022-05-14T02:49:56
Modified: 2023-01-27T05:02:21
Rights: Maven Security Team
Other Advisories
| Type | Package URL | Namespace | Name / Product | Version |
|---|---|---|---|---|
| Affected | pkg:maven/org.apache.cassandra/apache-cassandra | org.apache.cassandra | apache-cassandra | >= 2.1.0 < 2.1.4 |
| Fixed | pkg:maven/org.apache.cassandra/apache-cassandra | org.apache.cassandra | apache-cassandra | = 2.1.4 |
| Affected | pkg:maven/org.apache.cassandra/apache-cassandra | org.apache.cassandra | apache-cassandra | >= 1.2.0 < 2.0.14 |
| Fixed | pkg:maven/org.apache.cassandra/apache-cassandra | org.apache.cassandra | apache-cassandra | = 2.0.14 |