I am writing to report a security vulnerability identified in the latest version of mjml-app (3.0.4-win, mjml-beta-3.1.0)

• Vulnerability Subject: mj-button enables Code execution.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

• OS: Windows 10, 22H2(OS build 19045.3570)

• App Version [mjml-app-3.0.4-win.exe, mjml-beta-3.1.0]

• Exploit explain: Running local files through event tags in mjml applications poses a security threat. In addition, the code can be executed by combining Path Traversal within the application, requiring a patch.

If you need more information, please let me know the email address I can contact.