It is remarkably hard to escape command line arguments safely on Windows, and the standard libraries of multiple languages have needed patching: https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/