Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
A critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI).