
Caioluders

#23116 of 53,630
10 CVSS total
Vulnerabilities · 1
PT-2018-1370
10
2018-04-19
Pdfinfojs · Pdfinfojs · CVE-2018-3746
**Name of the Vulnerable Software and Affected Versions**

- pdfinfojs versions <= 0.3.6
- pdfinfojs versions prior to 0.4.1

**Description**

The issue is related to a lack of neutralization of special elements in input commands for the pdfinfojs module. This can be exploited by a remote attacker to execute arbitrary code using a specially crafted request. The vulnerability is exploitable if an attacker can control the `filename` parameter passed into the `pdfinfojs` constructor, allowing the execution of arbitrary commands on the victim's machine.

**Recommendations**

- For pdfinfojs versions <= 0.3.6, update to version 0.4.1 or later.
- For pdfinfojs versions prior to 0.4.1, update to version 0.4.1 or later.

As a temporary workaround, consider restricting access to the `filename` parameter in the `pdfinfojs` constructor to minimize the risk of exploitation.