The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. (CVSS:6.4) (Last Update:2022-07-15)Latest security vulnerabilities (Directory Traversal) (CVSS score >= 4)