CVE-2022-28889

MEDIUM4.3EPSS 2.2%

Apache Druid before 0.23.0 vulnerable to clickjacking

發布日:2022/7/8修改日:2023/11/8

描述

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1MEDIUM4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

參考連結(3)