Joplin · Joplin · CVE-2026-22810
**Name of the Vulnerable Software and Affected Versions**
Joplin versions prior to 3.5.7
**Description**
A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can craft a malicious `.one` file containing file names with `../../` sequences, which are interpreted as part of the target path during attachment extraction. This allows arbitrary files on disk to be overwritten, which could lead to remote code execution. The `determine_filename()` function in `embedded_file.rs` is specifically involved, as it passes the provided file name through without validation.
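The following is an added illustration, not Joplin's code: `unsafe_attachment_path` mirrors the pass-through behaviour the advisory describes, and `safe_attachment_path` (a hypothetical hardened variant, with an assumed extraction directory) shows the check a converter should apply before writing an embedded file to disk.

```rust
use std::path::{Component, Path, PathBuf};

/// Mirrors the defect described above: the name taken from the .one file is
/// joined onto the extraction directory as-is, so "../../x" escapes it.
/// (Hypothetical illustration, not the project's implementation.)
fn unsafe_attachment_path(dest_dir: &Path, name: &str) -> PathBuf {
    dest_dir.join(name)
}

/// Hardened variant: the name must reduce to exactly one normal path
/// component. "..", absolute paths, nested paths and empty names are refused,
/// and the result is always a direct child of `dest_dir`.
fn safe_attachment_path(dest_dir: &Path, name: &str) -> Option<PathBuf> {
    // Ignore a leading "./"; anything else but a single Normal component fails.
    let mut comps = Path::new(name)
        .components()
        .filter(|c| *c != Component::CurDir);
    let file_name = match (comps.next(), comps.next()) {
        (Some(Component::Normal(n)), None) => n,
        _ => return None,
    };
    // On Unix a backslash is an ordinary byte in a file name, but the same
    // .one file may be imported on Windows, where it is a separator.
    if file_name.to_string_lossy().contains('\\') {
        return None;
    }
    let out = dest_dir.join(file_name);
    // Defensive re-check: the joined path must still lie under dest_dir.
    if out.starts_with(dest_dir) { Some(out) } else { None }
}

fn main() {
    // Constructed sample names; the directory is an assumed placeholder.
    let dest = Path::new("/tmp/joplin-import");
    for name in ["note.png", "../../.bashrc", "/etc/passwd", "..\\..\\x"] {
        println!("{:<16} unsafe={:?} safe={:?}", name,
            unsafe_attachment_path(dest, name),
            safe_attachment_path(dest, name));
    }
}
```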
**Recommendations**
Update to version 3.5.7.