ServerApplication::registerService() unquoted path security vulnerability #3193

@rtoelhoej

The ServerApplication::registerService() method in poco\Util\src\ServerApplication.cpp doesn't apply quotes to the service "path".

Please see the additional references to get a better understanding of how this should be fixed, or feel free to contact me with any questions.

https://www.commonexploits.com/unquoted-service-paths/
https://trustfoundry.net/practical-guide-to-exploiting-the-unquoted-service-path-vulnerability-in-windows/

I would suggest that you change

```cpp
std::string path = config().getString("application.path");
```

to

```cpp
std::string path = Poco::format("\"%s\"", config().getString("application.path"));
```
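
The following is an added example, not code from the issue or from POCO: a standard-library-only sketch of the quoting step that also copes with a value that is already quoted, plus an audit check for existing service command lines. The function names `quoteServicePath` and `imagePathNeedsQuoting` and the sample paths are hypothetical.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>

static bool isQuoted(const std::string& s) {
    return s.size() >= 2 && s.front() == '"' && s.back() == '"';
}

// Registration side: wrap the executable path in double quotes exactly once.
std::string quoteServicePath(const std::string& path) {
    std::string inner = isQuoted(path) ? path.substr(1, path.size() - 2) : path;
    // '"' is not valid inside a Windows file name, so reject rather than escape.
    if (inner.empty() || inner.find('"') != std::string::npos)
        throw std::invalid_argument("invalid service path");
    return "\"" + inner + "\"";
}

// Audit side: flag a service command line whose executable part (up to and
// including ".exe") contains a space and does not start with a double quote.
bool imagePathNeedsQuoting(const std::string& imagePath) {
    if (imagePath.empty() || imagePath.front() == '"') return false;
    std::string lower(imagePath);
    std::transform(lower.begin(), lower.end(), lower.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    std::size_t pos = lower.find(".exe");
    std::string exe = pos == std::string::npos ? imagePath : imagePath.substr(0, pos + 4);
    return exe.find(' ') != std::string::npos;
}

int main() {
    // Constructed sample values, not taken from the issue.
    const char* samples[] = {
        R"(C:\Program Files\Acme\svc.exe /registerService)",
        R"("C:\Program Files\Acme\svc.exe" /registerService)",
        R"(C:\Windows\System32\svchost.exe -k netsvcs)",
    };
    for (const char* s : samples)
        std::cout << (imagePathNeedsQuoting(s) ? "UNQUOTED " : "ok       ") << s << '\n';
    std::cout << quoteServicePath(R"(C:\Program Files\Acme\svc.exe)") << '\n';
    return 0;
}
```

Spaces that appear only in the arguments after the executable are not flagged, so the audit check stays quiet for paths such as the `svchost.exe -k netsvcs` sample.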
