Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parse_notebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without validating that they are relative paths confined to that directory. The parser will bail out when the target file fails to parse as a OneNote section, so direct content exfiltration through …