Is your system shell bash? Does your application have any code which shells out to that (system(), ``, qx() etc)? If so, then probably yes.
On 25 September 2014 14:52, gvim <gvi...@gmail.com> wrote: > I built a site several years ago with CGI::Application which runs in cgi, > not psgi mode. Is it likely to be vulnerable to the recent bash security > hole which I understand revolves around setting ENV variables? > > gvim >