Описание
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| druid | itp | package |
Связанные уязвимости
CVSS3: 4.3
nvd
больше 3 лет назад
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
CVSS3: 4.3
github
больше 3 лет назад
Apache Druid before 0.23.0 vulnerable to clickjacking