Key Information Vulnerability ID: CVE-2014-0468 Vulnerability Description: A flaw exists in the Apache configuration within FusionForge's setup, which may allow a web server to execute scripts uploaded by users to original SCM repositories (such as SVN, Git, Bzr, etc.). Impact Scope: Exploitable if file-level access (e.g., shell access, sftp access) is granted to the repositories. Scripts submitted through normal means may not be executed via this vulnerability. Remediation Steps: - Update the configuration file to the latest version, available here. - Manually update the file. Version Update: An updated version 5.2 is being prepared, intended for new installations. Relevant Code Snippet: