Barry-Voice-Assistant is a voice assistant from the Bulgarian personal developer Lyuboslav Karev. Barry-Voice-Assistant 2021-01-18 and earlier versions have a path traversal vulnerability, which stems from the failure of Flaskβs send_file function to properly filter special elements in resource or file paths, and can be exploited to access arbitrary files and directories stored on the file system.