cassandra-web

Releases6

Frequency10 months 2 weeks

Last Release over 7 years ago

Downloads57.9K

Apache Cassandra web interface using Ruby, Event-machine, AngularJS, Server-Sent-Events and DataStax Ruby driver for Apache Cassandra

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-36939 ↗	Jan 27, 2026Tuesday, 27 January 2026, 16:16	7.5 HIGH	—
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.