The ecosystem of linux software that shells out to bash is ridiculous, and coercing an env var is a very light requirement.
Virtually any software that takes input from the internet can be a target, and enumerating the combination of versions and configurations is futile. We all need a working bash patch.
Not running a webserver protects against GET spray-n-pray, but you shouldn't feel safe.
Virtually any software that takes input from the internet can be a target, and enumerating the combination of versions and configurations is futile. We all need a working bash patch.
Not running a webserver protects against GET spray-n-pray, but you shouldn't feel safe.