CVE-2022-31506: SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely

Severity: Critical

CVSS Score: 9.3

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.