Concerning the Shellshock bug (aka "bash bug", CVE-2014-6271), can someone explain how this vulnerability works? Based on the test given in some posts (below), it looks like some type of injection using environment variables, but what exactly is occurring/not occurring to keep this from happening?
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
