{"uuid": "48529faa-abaf-45b7-a079-65d7961ca73f", "vulnerability": {"vulnId": "CVE-2014-7169", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "48529faa-abaf-45b7-a079-65d7961ca73f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T13:24:01Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | Affected: GNU / Bourne-Again Shell (Bash) | Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-7169"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Bourne-Again Shell (Bash)", "due_date": "2022-07-28", "date_added": "2022-01-28", "vendorProject": "GNU", "vulnerabilityName": "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2014-7169", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-7169"}]}