CVE-2022-31557
CVE-2022-31557 involves the seveas/golem repository (up to 2016-05-17) where an unsafe use of Flask’s send_file enables absolute path traversal. The issue is documented across multiple sources, indicating a path traversal flaw in that code path. The CVSS data (2.0/3.1) suggests confidentiality im...