caretakerr-api is a Flask API endpoint for the Caretakerr application from sanoj tharindu personal developer. caretakerr-api 2021-05-17 and earlier versions are vulnerable to a path traversal vulnerability that stems from Flaskβs send_file function failing to properly filter resource or special elements in file paths, which can be exploited to access arbitrary files and directories stored on the file system.