Pentesting Cassandra

From: https://www.vicarius.io/vsociety/posts/cve-2021-44521-apache-cassandra-remote-code-execution

Apache Cassandra is an open-source distributed NoSQL database management system. It is highly scalable and can handle large amounts of structured, semi-structured, and unstructured data across multiple data centers, making it a popular choice for big data applications. It uses a decentralized architecture with no master node, which allows for linear scalability and fault tolerance. It is also highly tunable and configurable, allowing developers to adjust the system to their specific use case and workload.

CQL is short for Cassandra Query Language, a query language similar to SQL but optimized for distributed database environments, with support for secondary indexes, materialized views, and batch operations, among other features.

UDF is short for User-Defined Function: a function that users can create and execute within a database management system. Cassandra supports creating user-defined functions (UDFs), which by default can be written in Java and JavaScript.

Nashorn is a JavaScript engine introduced in Java 8 that allows users to execute JavaScript code within a sandbox. Java-based database management systems can use it to create and execute JavaScript-based UDFs inside that sandbox.
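To see whether a node exposes the Java and JavaScript UDF features described above, a reviewer can audit its `cassandra.yaml`. The following is an added example, not code from the original post or from the Cassandra project. It assumes the Cassandra 3.x/4.0 setting names and shipped defaults (the page does not list them), and the helper names and sample file are constructed for illustration.

```python
import re

# cassandra.yaml keys (Cassandra 3.x/4.0 names, an assumption not taken from
# the page) with their shipped defaults.
UDF_DEFAULTS = {
    "enable_user_defined_functions": False,           # Java UDFs
    "enable_scripted_user_defined_functions": False,  # JavaScript (Nashorn) UDFs
    "enable_user_defined_functions_threads": True,    # UDFs run in their own threads
}

# Anchored at column 0, so commented-out or nested keys are ignored.
_LINE = re.compile(r"^([A-Za-z_]+)\s*:\s*([^#\s]+)")

def read_udf_settings(yaml_text):
    """Return effective UDF settings from flat top-level `key: value` lines."""
    settings = dict(UDF_DEFAULTS)
    for line in yaml_text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) in settings:
            settings[m.group(1)] = m.group(2).strip("'\"").lower() == "true"
    return settings

def audit_udf(yaml_text):
    """List UDF-related findings a reviewer should follow up on."""
    s = read_udf_settings(yaml_text)
    findings = []
    if not s["enable_user_defined_functions"]:
        return findings  # scripted UDFs have no effect while UDFs are off
    findings.append("Java UDFs enabled: review who holds CREATE FUNCTION")
    if s["enable_scripted_user_defined_functions"]:
        findings.append("JavaScript UDFs enabled: user scripts run in Nashorn")
    if not s["enable_user_defined_functions_threads"]:
        findings.append("UDF threads disabled: non-default, restore the default")
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_YAML = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true   # JavaScript UDFs
# enable_user_defined_functions_threads: true
enable_user_defined_functions_threads: false
"""

if __name__ == "__main__":
    for finding in audit_udf(SAMPLE_YAML):
        print("[!]", finding)
```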

Last update: 2026-02-15
Created: February 15, 2026 15:52:07