CVE-2022-28889
N/A
N/A
Summary
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Druid | unspecified <= 0.22.1 | affected |
Weaknesses
- CWE-1021: CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Workarounds
Upgrade to Druid 0.23.0 or later.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.