CVE-2022-28889
published 2022-07-07
medium 4.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | druid | < 0.23.0 | 0.23.0 |
| apache_software_foundation | apache_druid | unspecified – 0.22.1 | — |