Defmax

**Name of the Vulnerable Software and Affected Versions** pdf-image versions prior to 2.0.0 **Description** The issue is related to the lack of neutralization of special elements in input data for the GetInfoCommand function in the pdf-image tool for Node.js. This can be exploited by a remote attacker to execute arbitrary code using a specially crafted request. The vulnerability exists due to an unescaped string parameter, and it is exploitable if the attacker has control over the `pdfFilePath` variable passed into `pdf-image`. **Recommendations** Update to version 2.0.0 or later. As a temporary workaround, consider restricting access to the `pdf-image` tool to minimize the risk of exploitation, especially for the `pdfFilePath` variable. Avoid using unvalidated input for the `pdfFilePath` variable in the affected API endpoint until the issue is resolved.