Apache · Apache Druid · CVE-2022-28889
**Name of the Vulnerable Software and Affected Versions**
Apache Druid versions 0.22.1 and earlier
**Description**
The issue is related to the server not setting appropriate headers to prevent clickjacking. This is mitigated in version 0.23.0 and later by using the Content-Security-Policy header.
**Recommendations**
For Apache Druid versions 0.22.1 and earlier, update to version 0.23.0 or later to prevent clickjacking using the Content-Security-Policy header.