A critical vulnerability has been discovered within ‘bash’, a core component of most Linux and UNIX distributions, including Mac OS X and embedded systems. Administrators are urged to patch immediately.
This vulnerability allows attackers to compromise systems remotely, including systems used as web servers. The flaw allows an attacker to remotely attach a malicious variable that is executed when ‘bash’ is invoked.
The full NCSC advisory is available here