CVE-2022-44749: 
KNIME Analytics Platform vulnerability analysis and mitigation

A directory traversal vulnerability, also known as 'Zip-Slip', was discovered in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above. The vulnerability was disclosed on November 24, 2022, affecting all versions since 3.2.0 until the fix in version 4.6.4. This security issue received a CVSS v3.1 base score of 7.0 (HIGH) (NVD).

The vulnerability is classified as CWE-22 (Path Traversal) and allows attackers to create specially crafted KNIME workflows that can exploit the ZIP archive extraction process. When a user opens the malicious workflow, it can manipulate file paths to write files to arbitrary locations on the user's system. The attack doesn't require workflow execution - simply opening the workflow file is sufficient to trigger the vulnerability (KNIME Advisory).

The vulnerability can lead to multiple severe consequences: data integrity compromise through file content modification, software malfunction due to corrupted vital files, and potential remote code execution if executable files are replaced and subsequently executed by the user. However, the attacker must have prior knowledge of file locations on the target system (KNIME Advisory).

The primary mitigation is to update to KNIME Analytics Platform version 4.6.4 or later, which contains the fix for this vulnerability. As a temporary workaround, users are advised not to open workflows from untrusted sources (KNIME Advisory).