Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.Referenceshttps://github.com/leanote/desktop-apphttps://fluidattacks.com/advisories/alesso