GHSA-pgq7-jcj5-xx6h

Source

https://github.com/advisories/GHSA-pgq7-jcj5-xx6h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-pgq7-jcj5-xx6h/GHSA-pgq7-jcj5-xx6h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pgq7-jcj5-xx6h

Aliases

CVE-2022-28889

Published

2022-07-08T00:00:43Z

Modified

2023-11-08T04:09:06.119309Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Apache Druid before 0.23.0 vulnerable to clickjacking

Details

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

Database specific

{
    "cwe_ids": [
        "CWE-1021"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:21:13Z",
    "nvd_published_at": "2022-07-07T19:15:00Z",
    "severity": "MODERATE"
}

References

Affected packages

Maven / org.apache.druid:druid

Package

Name: org.apache.druid:druid; View open source insights on deps.dev
Purl: pkg:maven/org.apache.druid/druid

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.23.0

Affected versions

0.*

0.13.0-incubating

0.14.0-incubating

0.14.1-incubating

0.14.2-incubating

0.15.0-incubating

0.15.1-incubating

0.16.0-incubating

0.16.1-incubating

0.17.0

0.17.1

0.18.0

0.18.1

0.19.0

0.20.0

0.20.1

0.20.2

0.21.0

0.21.1

0.22.0

0.22.1