Published: 31 August 2012
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
The scriptfu server is not widely used and security is not a part of the server's design
The script-fu network server should not be used in untrusted environments. We are not going to fix this, marking as ignored.