If I'm reading the disclosure correctly, the issue is:

@AmeliaBR I'm trying to understand this. Don't most markdown renderers have the same "vulnerability"? If I render the markdown [random link](mailto:chris@mystic.horse), a user will only see "random link". If they click the link, it'll open an external application and run as them, won't it? What is the difference? How is this remote code execution?