Vendor
Blinko versions before 1.8.4 are vulnerable to arbitrary file reading due to a lack of permission checks and path traversal filtering on the temp/ path, potentially allowing attackers to read backup files containing sensitive user data.