Product
A path traversal vulnerability exists in the OneNote importer of Joplin versions 3.5.6 and earlier. By importing a crafted .one file, an attacker can overwrite arbitrary files on the disk, potentially leading to privilege escalation and remote code execution. The vulnerability stems from the lack of sanitization of embedded file names within the OneNote converter, allowing filenames containing directory traversal sequences like `../../`.