BaiduWenkuSpider_flaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu’s library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpider_flaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the Flask send_file function to properly filter special elements in resource or file paths, which can be exploited to access arbitrary files and directories stored on the file system.