The process library on Windows is vulnerable to a command
injection vulnerability, via cmd.exe's interpretation of
arguments. Processes that invoke batch files (.bat, .cmd) and
pass arguments whose values are affected by program inputs may be
affected.
Add some additional escaping to neutralise this scenario.
Also add some additional library documentation explaining how
arguments are processed on Windows.
Co-authored-By: Fraser Tweedale
HSEC-identifier: HSEC-2024-0003