markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)