remote code execution

[robkooper]

NCSA security has discovered a remote code execution that will need to be patched. For more details contact me.

[mdietze]

@robkooper Is this something we need to fix on our machines, or just something you'll submit a PR on?

[tonygardella]

@robkooper Has this been resolved?

[robkooper]

pull request created.