4.0.4 is vulnerable, but ~arch details and hotfix available at the URL -- Attack Vectors: Supply a specially crafted HTTP POST request on the TWiki configure script. Impact: An intruder is able to execute arbitrary shell commands with the privileges of the web server process, such as user nobody. Properly configured TWiki sites with authenticated configure script are not affected. Severity Level: Severity 1 issue: The web server can be compromised MITRE Name for this Vulnerability: The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-3819 to this vulnerability.
It's ~arch, though.
web-apps please bump when you can
-r1
Thx Renat.