Summary:Tableau Prep does not properly validate filenames when opening a maliciously-craftedPackaged Tableau Flow File(.tflx).The resulting files can be written outside of the intended temporary location.
Impact:A Tableau Prep user who opens a maliciously-crafted Tableau Flow File can unknowingly write and overwritefiles to any location the user has access to.
Vulnerable Versions: The following versions have this vulnerability:
Tableau Prep: 2018.1 through 2018.1.2
Resolution: The issue can be fixed by upgrading to the following version: