Xiao Feng

**Name of the Vulnerable Software and Affected Versions** node-qpdf versions all **Description** The issue arises from the `encrypt()` method failing to sanitize its parameter input, which later flows into a sensitive command execution API. This allows attackers to inject malicious commands once they can specify the input pdf file path. **Recommendations** For all versions, consider disabling the `encrypt()` function until a patch is available to prevent command injection attacks. Restrict access to sensitive command execution APIs to minimize the risk of exploitation. Avoid using the `encrypt()` method with untrusted input pdf file paths until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.