pkg:Maven/org.apache.cassandra:cassandra-all

All known vulnerabilities

• CRITICAL9.8CVE-2018-8016Missing Authentication for Critical Function in Apache Cassandra
  >= 3.8, < 3.11.2
• CRITICAL9.1CVE-2021-44521Remote code execution for scripted UDFs
  from 0, < 3.0.26
• HIGH8.8CVE-2026-27314Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator
  >= 5.0-alpha1, < 5.0.7
• HIGH8.8Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
  >= 4.0.16, < 4.0.17
• HIGH8.8Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
  >= 5.0-alpha1, < 5.0.3
• HIGH7.8Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
  >= 4.1.0, < 4.1.2
• HIGH7.5Authentication Bypass in Apache Cassandra
  >= 2.1.0, < 3.0.24
• MEDIUM5.9Apache Cassandra: unrestricted deserialization of JMX authentication credentials
  >= 5.0-beta1, < 5.0.3
• MEDIUM5.9Man-in-the-middle attack in Apache Cassandra
  >= 2.1.0, < 2.1.12
• MEDIUM5.5Apache Cassandra: cqlsh history sensitive information leak
  >= 4.0, < 4.0.20
• MEDIUM5.4Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
  >= 4.0-alpha1, < 4.0.16
• —Apache Cassandra has an authenticated DoS over CQL
  >= 4.0, < 4.0.20