2 matches found
CVE-2022-44749 Opening workflows from untrusted resources may override arbitrary file system contents
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being...
CVE-2022-44749
CVE-2022-44749 affects KNIME Analytics Platform 3.2.0 and later via a directory traversal in ZIP extraction (Zip-Slip). An attacker can craft a KNIME workflow that, when opened by a user, overwrites arbitrary files the user can write to, with the user only needing to open the workflow (no executi...