According to CVE-2022-42889 Apache Commons Text version 1.5 through 1.9 have insecure interpolation defaults. I have found org.apache.commons.commons-text_1.9.0.jar in my installation folder of KNIME 4.6.3.
Is KNIME affected by this vulnerability?
No, it’s not. We are not using the broken class from that library.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.