cvedb.io
CVE-2022-44748
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2022-11-24T07:15:09.973 · Last modified 2026-06-17T05:08:52.923

Summary

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to

Affected products

knime — knime_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when knime ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.