Iansmith123

#25522 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2019-9169
9.8
2019-06-21
Glot · Glot-Www · CVE-2018-15747
**Name of the Vulnerable Software and Affected Versions**

glot-www versions through 2018-05-19

**Description**

The default configuration of glot-www allows remote attackers to execute arbitrary code because glot-code-runner supports `os.system` within a "python" "files" "content" JSON file.

**Recommendations**

For glot-www versions through 2018-05-19, consider disabling the `os.system` function within the glot-code-runner to prevent remote code execution until a patch is available. Restrict access to the "python" "files" "content" JSON file to minimize the risk of exploitation.