CVE-2022-28889 Information

Description

In Apache Druid 0.22.1 and earlier the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

Reference

https://lists.apache.org/thread/t3nsq4crdr8wqgmj721d2wg6pf26s5cw