Headline
CVE-2022-28889
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Email display mode:
Modern rendering
Legacy rendering
Related news
GHSA-pgq7-jcj5-xx6h: Clickjacking in Apache Druid
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.