CVE-2022-31558: Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely

Severity: Critical

CVSS Score: 9.3

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.