Shellshock bug and ERPNext

Hi Team,

Does the Shellshock bug affect ERPNext or Frappe in any way?

Kind regards,
MP



On Fri, Sep 26, 2014 at 3:24 PM, MP ma...@gmail.com wrote:

Hi Team,

Does the Shellshock bug affect ERPNext or Frappe in any way?

I tried to exploit it with an nginx setup; it was safe. I think version 2
(CGI) would be vulnerable.

Although, other than a web server, it could also be exploited from other
services that use bash to interpret vars, e.g. dhcpclient:
https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/

Do upgrade to the latest bash.

Thanks,

Pratik
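
A local check to run before and after the bash upgrade advised above. This is an added example, not part of the original thread; the function names and the `probe` variable are made up for illustration, and the probe covers only the original trailing-command form of the bug.

```shell
#!/bin/sh
# check_bash <path>: prints "vulnerable", "patched" or "missing".
# A vulnerable bash imports a function definition from an environment
# variable and also runs whatever follows the closing brace.
check_bash() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo missing; return 2; }
    marker="shellshock-marker-$$"
    # Harmless probe: the trailing command only echoes a marker string.
    out=$(env probe="() { :; }; echo $marker" "$bash_bin" -c ':' 2>/dev/null)
    case $out in
        *"$marker"*) echo vulnerable; return 1 ;;
        *)           echo patched;    return 0 ;;
    esac
}

# Check the bash on PATH plus common install locations, since services
# such as a CGI handler or a DHCP client hook may not use the PATH copy.
scan_bash_binaries() {
    status=0
    for b in "$(command -v bash 2>/dev/null)" \
             /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -n "$b" ] && [ -x "$b" ] || continue
        result=$(check_bash "$b") || status=1
        echo "$b: $result"
    done
    return $status
}

scan_bash_binaries || echo "At least one bash binary needs upgrading."
```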