Users of Apache Cassandra who haven’t updated their systems in the last couple of days should consider an upgrade, as JFrog identified a high severity remote code execution issue in the database project. The vulnerability affects all teams running Cassandra with the non-standard configuration of enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: false and allows for arbitrary code execution on the host, should the attacker have the permission to create user defined functions.
