Unknown · Markdown Preview Enhanced · CVE-2026-49492
**Name of the Vulnerable Software and Affected Versions**
Markdown Preview Enhanced versions prior to 0.8.28
**Description**
On Windows, the software opens external files and links from the preview through a shell without validating untrusted inputs from the markdown document. This allows for the injection of operating system commands when a crafted markdown document is previewed. The issue involves the following vulnerable attributes:
- diagram filename
- imported file paths
- `latex engine` code-chunk attribute
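
The three input classes listed above, handled defensively in Node.js, as an added example (this is not Markdown Preview Enhanced's code or its 0.8.28 fix). The function names, the engine allowlist and the filename pattern are assumptions chosen for illustration.

```javascript
// Added illustration: hypothetical helper names, not Markdown Preview Enhanced code.
const path = require("node:path");
const { execFile } = require("node:child_process");

// Assumed allowlist of engines a document may request via the code-chunk attribute.
const ALLOWED_ENGINES = new Set(["pdflatex", "xelatex", "lualatex"]);
// Characters cmd.exe or a POSIX shell treats specially, plus quotes and control characters.
const SHELL_META = /[&|<>^%!"'`;$(){}\r\n\0]/;

function checkEngine(engine) {
  if (!ALLOWED_ENGINES.has(engine)) throw new Error("latex engine not in allowlist");
  return engine;
}

// Diagram filename: a bare name only, no directory parts, no leading dash or dot.
function checkFilename(name) {
  if (typeof name !== "string" || !/^[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$/.test(name)) {
    throw new Error("unsafe diagram filename");
  }
  return name;
}

// Imported file path: must stay inside the document's directory.
function resolveInside(baseDir, untrustedPath) {
  if (typeof untrustedPath !== "string" || SHELL_META.test(untrustedPath)) {
    throw new Error("unsafe characters in path");
  }
  const base = path.resolve(baseDir);
  const full = path.resolve(base, untrustedPath);
  const rel = path.relative(base, full);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes the document directory");
  }
  return full;
}

// Build an argument vector; each value stays one argv entry and is never parsed by a shell.
function buildLatexInvocation(engine, baseDir, texPath) {
  return { file: checkEngine(engine), args: ["-halt-on-error", resolveInside(baseDir, texPath)] };
}

// Launch the engine directly (shell: false), so document values never reach a command line.
function runLatex(engine, baseDir, texPath, callback) {
  const { file, args } = buildLatexInvocation(engine, baseDir, texPath);
  return execFile(file, args, { shell: false, cwd: path.resolve(baseDir) }, callback);
}
```

Validation and the shell-free launch are complementary: the allowlist and path checks reject unexpected values early, while `execFile` with an argument array removes the shell parsing step entirely.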
**Recommendations**
Update to version 0.8.28.