|
|
|
|
|
|
by freakonom
4281 days ago
|
|
|
The ecosystem of linux software that shells out to bash is ridiculous, and coercing an env var is a very light requirement. Virtually any software that takes input from the internet can be a target, and enumerating the combination of versions and configurations is futile. We all need a working bash patch. Not running a webserver protects against GET spray-n-pray, but you shouldn't feel safe. |
|
|