Описание
Apache Druid before 0.23.0 vulnerable to clickjacking
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Пакеты
Наименование
org.apache.druid:druid
maven
Затронутые версииВерсия исправления
< 0.23.0
0.23.0
Связанные уязвимости
CVSS3: 4.3
nvd
больше 3 лет назад
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
CVSS3: 4.3
debian
больше 3 лет назад
In Apache Druid 0.22.1 and earlier, the server did not set appropriate ...