KNIME Analytics Platform prior to 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
knime knime analytics platform