Perceptive Security
SOC/SIEM Consultancy

Published:
26 March 2026 at 23:00:00
Alert date:
27 March 2026 at 21:04:38
Source:
nvd.nist.gov
Operating Systems, Enterprise Applications
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability that renders its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of a Unix-based shell-quote library to analyze commands on the Windows platform, which fails to handle Windows CMD-specific escape sequences. Attackers can exploit this parser discrepancy by constructing payloads like 'git log ^" & malicious_command ^"' to achieve arbitrary Remote Code Execution. The Axon Code parser misinterprets the malicious command connector as being within a protected string argument and auto-approves the command, while Windows CMD ignores the escaped quotes and executes the malicious command directly.
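The parser discrepancy above can be made concrete with a small contrast: a whitelist check built on a POSIX-style tokenizer (the model a Unix shell-quote library uses) against a check that refuses any CMD metacharacter outright. This is added example code, not Axon Code's own implementation; the approved prefix list, the minimal tokenizer and the function names are assumptions made for the illustration.

```javascript
// Added example (not Axon Code's own code). Contrasts a POSIX-style,
// quote-aware whitelist check (which reproduces the flaw described in the
// advisory) with a Windows-aware check that treats CMD metacharacters as
// unconditionally disqualifying.

// Assumed whitelist of command prefixes (constructed for the example).
const APPROVED_PREFIXES = ["git log", "git status"];

// CMD characters that can join, redirect or expand a command line.
// `^` is CMD's escape character; `%` and `!` trigger variable expansion.
const CMD_METACHARS = /[&|<>^%!\r\n]/;

// Minimal POSIX-style tokenizer: a double-quoted region is one word and a
// backslash escapes the next character. This is the Unix-shell model; it
// knows nothing about CMD's `^` escape, which is the root of the flaw.
function posixTokenize(cmd) {
  const tokens = [];
  let cur = "";
  let inDq = false;
  let inSq = false;
  const flush = () => { if (cur) { tokens.push(cur); cur = ""; } };
  for (let i = 0; i < cmd.length; i++) {
    const ch = cmd[i];
    if (inSq) { if (ch === "'") inSq = false; else cur += ch; continue; }
    if (inDq) { if (ch === '"') inDq = false; else cur += ch; continue; }
    if (ch === "\\" && i + 1 < cmd.length) { cur += cmd[++i]; continue; }
    if (ch === "'") { inSq = true; continue; }
    if (ch === '"') { inDq = true; continue; }
    if (/\s/.test(ch)) { flush(); continue; }
    if ("&|;<>".includes(ch)) { flush(); tokens.push({ op: ch }); continue; }
    cur += ch;
  }
  flush();
  return tokens;
}

// Flawed check: approves when the first two words match the whitelist and
// the POSIX tokenizer found no operator. A `&` hidden inside what the
// tokenizer believes is a quoted argument is never seen as an operator.
function flawedAutoApprove(cmd) {
  const tokens = posixTokenize(cmd);
  if (tokens.some((t) => typeof t === "object")) return false;
  const head = tokens.slice(0, 2).join(" ");
  return APPROVED_PREFIXES.includes(head);
}

// Hardened check for Windows: CMD's quoting and escaping rules are too
// irregular to emulate safely, so any metacharacter anywhere in the
// command line, quoted or not, means the command is not auto-approved.
function windowsAutoApprove(cmd) {
  if (CMD_METACHARS.test(cmd)) return false;
  const words = cmd.trim().split(/\s+/);
  return APPROVED_PREFIXES.includes(words.slice(0, 2).join(" "));
}

// The advisory's payload shape, reproduced here only to show the two
// checks diverging on it.
const PAYLOAD = 'git log ^" & malicious_command ^"';
console.log("flawed:", flawedAutoApprove(PAYLOAD));     // true (wrongly approved)
console.log("hardened:", windowsAutoApprove(PAYLOAD));  // false (rejected)
```

The hardened function deliberately does not try to decide whether a metacharacter is "really" quoted: the safe property for an auto-approval whitelist is that nothing it admits can be split into a second command by the shell that will actually run it. Where possible, the stronger fix is to avoid handing the string to CMD at all and spawn the whitelisted executable with an argument array instead.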
Technical details
Mitigation steps:
Affected products:
Axon Code
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-30303
https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/6
https://www.matterai.so/
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
