Hello webdevops,
Thank you for raising this, we are aware of this vulnerability and have decided to disable the eval in PDF.js that is causing this issue according to the workaround in the CVE
In the meantime disabling embedded javascript will prevent this vulnerability, see this forum post on more information:
Best regards,
Tyler