2 matches found
CVE-2022-44748
CVE-2022-44748 - KNIME Server Zip-Slip directory traversal . A vulnerability in KNIME Server’s ZIP archive extraction routines allows an authenticated user (with upload rights) to overwrite arbitrary files on the server’s filesystem. The root cause is directory traversal during workflow upload, e...
CVE-2022-44748 Uploading workflows to KNIME Server may override arbitrary file system contents
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, ca...