CVE 2019-11888
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.
See the
CVE page on Mitre.org
for more details.