Description
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Remediation
References
https://www.kb.cert.org/vuls/id/845332