Last week, a new security CVE related to Windows command injection was announced, affecting many programming languages, including Nim. This issue stems from how cmd handles argument escaping differently than expected by various programming languages. You can verify if you're affected by running tests available on my GitHub with three payloads. This highlights the need for a reevaluation of how arguments are escaped in Nim to address this discrepancy with cmd.
* <https://foxoman.hashnode.dev/exploring-command-injection-vulnerabilities-in-windows-with-nim>
* <https://github.com/foxoman/CVE-2024-24576-PoC---Nim/tree/main>
* <https://nvd.nist.gov/vuln/detail/CVE-2024-24576>
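
An added example, not part of the original post, the linked PoC or Nim's standard library: one defensive option while escaping is being reevaluated is to refuse to spawn a batch file when an argument contains characters cmd may interpret. The proc names and the deny-list are assumptions made for this sketch.

```nim
import std/[os, strutils]

# Assumption: a conservative deny-list of characters cmd.exe may interpret
# when it parses the command line of a batch file.
const CmdSpecial = {'"', '%', '&', '|', '<', '>', '^', '!', '(', ')'}

proc isBatchTarget*(exe: string): bool =
  ## True when Windows would hand `exe` to cmd.exe (.bat / .cmd).
  ## Assumes the caller passes the file name with its extension.
  # Windows ignores trailing dots and spaces in file names, so strip them first.
  let name = exe.strip(leading = false, chars = {'.', ' '})
  splitFile(name).ext.toLowerAscii in [".bat", ".cmd"]

proc isSafeBatchArg*(arg: string): bool =
  ## False if `arg` holds a cmd metacharacter or a control character.
  for c in arg:
    if c in CmdSpecial or c < ' ':
      return false
  true

proc checkedArgs*(exe: string, args: openArray[string]): seq[string] =
  ## Returns `args` unchanged, or raises ValueError before anything is spawned.
  if isBatchTarget(exe):
    for a in args:
      if not isSafeBatchArg(a):
        raise newException(ValueError,
          "refusing to pass " & a.escape & " to batch file " & exe)
  @args

when isMainModule:
  # Constructed sample inputs, not the payloads from the linked PoC.
  let cases = [
    ("tool.exe", "a&b"),         # not routed through cmd.exe: accepted
    ("test.bat", "hello world"), # no metacharacters: accepted
    ("test.bat", "a&b"),         # rejected
    ("TEST.CMD. ", "50%off"),    # trailing dot/space still a batch target
  ]
  for (exe, arg) in cases:
    try:
      discard checkedArgs(exe, [arg])
      echo exe, " <- ", arg.escape, ": accepted"
    except ValueError as e:
      echo e.msg
```

Pass the result of `checkedArgs` to the process-spawning call in place of the raw argument list, so untrusted input is rejected before a batch file is started.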