GTONE ChangeFlow Path Traversal Vulnerability Allowing Code Download Without Integrity Check
Vulnerability
A path traversal vulnerability has been identified in GTONE ChangeFlow, affecting all versions up to v9.0.1.1. The product does not properly limit pathnames to a restricted directory, which enables unauthorized access to files. The vulnerability also allows code to be downloaded without any integrity check, so the authenticity and safety of the retrieved files cannot be verified.
Impact
Exploitation of this vulnerability could lead to unauthorized file access and the download of potentially malicious code that could be executed in the user's environment.
Added: Oct 2, 2025, 6:22 AM
Updated: Oct 2, 2025, 6:22 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
