{"uuid": "7a6f2d46-4ca3-4ad6-87de-4120eb6655a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2014-6277", "type": "seen", "source": "https://t.me/arpsyndicate/1926", "content": "#ExploitObserverAlert\n\nCVE-2014-6278\n\nDESCRIPTION: Exploit Observer has 142 entries related to CVE-2014-6278. GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.\n\nFIRST-EPSS: 0.973450000\nNVD-IS: 10.0\nNVD-ES: 10.0", "creation_timestamp": "2023-12-18T06:11:35.000000Z"}