Fishtank is a remote monitoring and control interface by Rentaro Matsukata, a personal developer in the U.S. A path traversal vulnerability exists in Fishtank 2015-06-24 and earlier versions, which stems from a failure of Flaskβs send_file function to properly filter special elements in resource or file paths, and can be exploited by attackers to access arbitrary files and directories stored on the file system.