{"schema_version": "1.6.1", "id": "CVE-2022-28889", "summary": "Clickjacking in the web console", "details": "In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"last_affected": "unspecified"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/t3nsq4crdr8wqgmj721d2wg6pf26s5cw"}]}