Description
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Remediation
References
https://lists.apache.org/thread/t3nsq4crdr8wqgmj721d2wg6pf26s5cw
Related Vulnerabilities
CVE-2016-8749 Vulnerability in maven package org.apache.camel:camel-jacksonxml
CVE-2021-21640 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-43797 Vulnerability in maven package io.netty:netty-codec-http
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-dist