products / cassandra
Apache Cassandra
Cassandra is a distributed wide-column store from the ASF. NVD uses apache:cassandra. The NVD keyword is the full phrase Apache Cassandra to avoid unrelated "Cassandra" text matches.
api usage
Querying Cassandra
product slug
cassandraversion format
3.11.10, 4.0.3bash
curl "https://api.attestd.io/v1/check?product=cassandra&version=3.11.10" \
-H "Authorization: Bearer $ATTESTD_KEY"Spot-check CVE-2021-44521 (RCE via user-defined functions when enabled).
json
{
"product": "cassandra",
"version": "3.11.10",
"supported": true,
"risk_state": "high",
"risk_factors": ["remote_exploitable", "patch_available"],
"actively_exploited": false,
"remote_exploitable": true,
"authentication_required": false,
"patch_available": true,
"fixed_version": "3.11.11",
"confidence": 0.84,
"cve_ids": ["CVE-2021-44521"],
"last_updated": "2026-04-03T00:00:00Z"
}cleaner line
Newer release
bash
curl "https://api.attestd.io/v1/check?product=cassandra&version=4.1.8" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
CVE-2021-44521 | Remote code execution when UDF execution is enabled. | 3.x, 4.0 (see NVD) | 10.0 |
CVE-2020-17516 | Inter-node / internode encryption validation issue. | 3.0, 4.0 | 7.5 |
CVE-2019-13922 | Privilege escalation via JMX/reaper integrations. | 3.x | 8.1 |
CVE-2025-26511 | Cassandra security update (verify NVD for ranges). | see NVD | 6.0 |
CVE-2020-36939 | Information disclosure in configuration handling. | 3.11 | 5.3 |
related