avalanche123/cassandra-web

Releases1

Frequency

Last Release over 9 years ago

Stars144

A web interface for Apache Cassandra

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-36939 ↗	Jan 27, 2026Tuesday, 27 January 2026, 16:16	7.5 HIGH	—
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.