org.apache.cassandra:cassandra-all@4.0.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.cassandra:cassandra-all package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Privilege Escalation

org.apache.cassandra:cassandra-all is a Maven plugin for the Apache Cassandra Project, which develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model.

Affected versions of this package are vulnerable to Privilege Escalation when enabling FQL/Audit logs, allowing a user with JMX access to run arbitrary commands as the user running Apache Cassandra. This issue affects Apache Cassandra from 4.0.0 through 4.0.9 and from 4.1.0 through 4.1.1.

How to fix Privilege Escalation?

Upgrade org.apache.cassandra:cassandra-all to version 4.0.10, 4.1.2 or higher.

[4.0.0,4.0.10) [4.1.0,4.1.2)