CVE-2019-12138 (macdown)

MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
Source: NIST
CVE-2019-12138 (macdown)