Description
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Remediation
References
https://lists.apache.org/thread/t3nsq4crdr8wqgmj721d2wg6pf26s5cw
Related Vulnerabilities
CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger
CVE-2020-13279 Vulnerability in npm package gitlab-workflow
CVE-2022-31093 Vulnerability in npm package next-auth
CVE-2020-26523 Vulnerability in npm package froala-editor
CVE-2020-2297 Vulnerability in maven package com.hoiio.jenkins:sms