The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination. A security researcher noticed you can create special links to trigger the app to send downloaded files to an outside server.
Source Link
