Shellshock is a bug in the Bash command-line interface shell that has existed for 30 years and was discovered as a significant threat in 2014. Today, Shellshock still remains a threat to enterprise. The threat is certainly less risky than in the year of discovery. However, in a year in which security priorities have recalibrated to keep up with the chaotic landscape, its a good time to look back at this threat and the underlying factors that keep these attacks alive today.”]
Source: https://securityintelligence.com/articles/shellshock-vulnerability-in-depth/