shellshock
Safeguard articles tagged "shellshock" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Shellshock (CVE-2014-6271) Explained: RCE Hiding in Bash Environment Variables
CVE-2014-6271, Shellshock, let attackers run commands by smuggling code into environment variables that Bash parsed as function definitions. Reachable over HTTP, DHCP, and SSH. Here is how.
Shellshock Bash vulnerability retrospective
A decade-plus retrospective on Shellshock (CVE-2014-6271): how a Bash parsing flaw led to critical, KEV-listed remote code execution.
What Was the Shellshock Vulnerability
Shellshock (CVE-2014-6271) let attackers run code on millions of Bash-based systems via a single crafted header. Here's the full breakdown and fix.
Shellshock Bash environment variable RCE (CVE-2014-6271)
A 2014 parsing flaw in Bash's function-export handling let attackers run arbitrary commands via environment variables — and it's still exploited today.
Shellshock, Five Years On: The Lessons That Stuck
Five years after CVE-2014-6271, Shellshock remains the clearest case study in how one interpreter bug becomes thousands of downstream holes.