>EDIT: Looks like the way CGI works made it vulnerable to Shellshock in 2014: Fr... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tonyedgecombe 9 days ago \| parent \| context \| favorite \| on: Serving 200M requests per day with a CGI-bin >EDIT: Looks like the way CGI works made it vulnerable to Shellshock in 2014: From your linked article: If the handler is a Bash script, or if it executes Bash... But we are talking about Python not Bash.

kragen 9 days ago [–]

Yes, Shellshock is kind of a marginal case, but it probably does qualify as a security hole due in part to CGI itself, even though it doesn't affect Python programs (unless they spawn a shell). I don't know of any other examples of security problems caused by CGI, even partly. It's a very thin layer over HTTP.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact