Maksymilian Arciemowicz published a cross-site request forgery vulnerability, affecting BSD FTP servers, ProFTPd and maybe others.
If you’re running Pure-FTPd, even a very old version, keep cool, your server is not vulnerable. The Pure-FTPd command parser is a bit aggressive (it drops the connection if very large requests are received) but it avoids this flaw.