Description

"At" after a newline triggers rule 932370. For example, this:

Go to store.
At the store, shop.

How to reproduce the misbehavior (-> curl call)

curl -H "x-format-output: txt-matched-rules" "https://sandbox.coreruleset.org/?msg=Go%20to%20store.%0AAt%20the%20store%2C%20shop."

932370 PL1 Remote Command Execution: Windows Command Injection
949110 PL1 Inbound Anomaly Score Exceeded (Total Score: 5)
980170 PL1 Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=5, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)

Your Environment

• CRS version (e.g., v3.3.4): 4.8.0
• Paranoia level setting (e.g. PL1) : PL1
• ModSecurity version (e.g., 2.9.6): 3.0.13
• Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): Nginx 1.26.1
• Operating System and version: Linux

Confirmation

• I have removed any personal data (email addresses, IP addresses,
  passwords, domain names) from any logs posted.