The httpd package in fli4l prior to 3.10.1 and 4.0 prior to 2015-01-30 allows remote malicious users to execute arbitrary code.
fli4l fli4l 4.0
fli4l fli4l