org.apache.cassandra:cassandra-all@3.10 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.cassandra:cassandra-all package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary Code Execution (severity: C)

org.apache.cassandra:cassandra-all is a free and open-source distributed wide column store NoSQL database management system designed to handle large amounts of data across many commodity servers.

Affected versions of this package are vulnerable to Arbitrary Code Execution. The default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

Note: This issue is a regression of CVE-2015-0225.

Vulnerable versions: [3.8,3.11.2)