New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
is it working? #5
Comments
This script says it's clean |
I can confirm this. The hannob/bashcheck script says I am not vulnerable. However, this app says I am. I installed this app from F-Droid. I am using CyanogenMod 12.1-20150909-NIGHTLY. Bash version 4.3.33(1)-release I also tested my phone with the shellshock testing script from https://shellshocker.net, which said I was NOT vulnerable as well. |
I can confirm this. Hannob/bashcheck script says that cm-14.1-20161206-NIGHTLY is clean, but this app says that is vulnerable, exactly as @srguglielmo says. Bash Version? GNU bash, version 4.3.42(1)-release (arm-android-eabi) Shellshock-Vulnerability-Scan screenshot: https://s21.postimg.org/m0cfqkh9j/Screenshot_20161124_101433.png |
Hi guys, I will check the code when I get some free time. Feel free to review and give me a PR if you were able to locate the issue. |
I have even 2 false positives here. |
I would suggest to remove your current app from playstore and fdroid, until you fixed it! |
I think this app is still on the playstore |
Or F-droid |
I have unpublished the app, I apologize for the delay in doing so. I assumed the app had been removed automatically due to the lack of development or at least that people wouldn't be searching for it still. |
I have just installed this fully patched binary & your app is telling me that it's still vulnerable
http://forum.xda-developers.com/showpost.php?p=55884202&postcount=1
The text was updated successfully, but these errors were encountered: