flask-mongo-skel is a Flask MongoDB framework by Shamail Tayyab, an individual developer. flask-mongo-skel 2012-11-01 and earlier versions contain a path traversal vulnerability. The vulnerability is caused by the failure of Flask's send_file function to properly filter special elements in resource or file paths, which can be exploited to access arbitrary files and directories stored on the file system.
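The missing step is confining a request-supplied path to one base directory before it reaches send_file. The following is an added example, not flask-mongo-skel's own code: a standard-library containment check, where `resolve_under`, `demo` and the directory tree are hypothetical names and constructed sample data.

```python
import os
import tempfile


def resolve_under(base_dir, requested):
    """Return the real path of `requested` if it is a file inside base_dir, else None."""
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # os.path.join drops `base` when `requested` is absolute, and realpath
    # follows symlinks, so the check runs on the fully resolved target.
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        # commonpath compares whole components: "static-old" is not under "static".
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return candidate if inside and os.path.isfile(candidate) else None


def demo():
    """Classify constructed request paths against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as root:
        static = os.path.join(root, "static")
        outside = os.path.join(root, "settings.cfg")  # must never be served
        os.makedirs(os.path.join(static, "css"))
        os.makedirs(os.path.join(root, "static-old"))
        for path in (os.path.join(static, "css", "site.css"), outside,
                     os.path.join(root, "static-old", "a.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(outside, os.path.join(static, "link.cfg"))
        samples = {
            "plain": "css/site.css",
            "dotdot_inside": "css/../css/site.css",
            "dotdot_escape": "css/../../settings.cfg",
            "absolute": outside,
            "prefix_sibling": "../static-old/a.txt",
            "symlink": "link.cfg",
            "missing": "css/nope.css",
        }
        return {name: resolve_under(static, p) is not None
                for name, p in samples.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:15} {'serve' if allowed else 'reject'}")
```

In a Flask handler, the value returned by `resolve_under` is what would be passed to send_file, with `None` mapped to a 404. Flask's `send_from_directory` applies a comparable confinement to a base directory.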