CVE-2021-44521

CRITICAL NUCLEI LAB

Apache Cassandra < 3.0.26 - Code Injection

Title source: rule

Description

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.

Exploits (3)

nomisec WORKING POC 1 stars

by Yeyvo · poc

https://github.com/Yeyvo/poc-CVE-2021-44521

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/woodenklaas/cve-2021-44521

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/qhpix/cve-2021-44521

View Code ZIP pw:eip

Nuclei Templates (1)

Apache Cassandra Load UDF RCE

CRITICALby Y4er

Shodan: cpe:"cpe:2.3:a:apache:cassandra"

References (4)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/02/11/4

[Exploit, Mitigation, Third Party Advisory] https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/

[Issue Tracking, Mailing List, Vendor Advisory] https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220225-0001/

Scores

CVSS v3 9.1

EPSS 0.9101

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull cassandra:4.0.1

https://github.com/Yeyvo/poc-CVE-2021-44521

https://github.com/qhpix/cve-2021-44521

https://github.com/woodenklaas/cve-2021-44521

View in Library

Details

CWE

CWE-94 CWE-732

Status published

Products (2)

apache/cassandra 3.0.0 - 3.0.26

org.apache.cassandra/cassandra-all 0 - 3.0.26Maven

Published Feb 11, 2022

Tracked Since Feb 18, 2026