Vulnerability Details CVE-2018-15747
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2018-15747
-
cpe:2.3:a:glot:glot-www:2018-05-19