CVE-2020-7682

This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.