Server-side: github & bitbucket will get patched quickly, if they're even still vulnerable. Self-hosted installations like Gitlab will be more difficult, as it requires sysadmins to patch themselves. History has thought us this takes too long.
Client-side: possibly the biggest impact, as nearly every Linux distribution ships vulnerable versions. Any kind of local system user activity could trigger the RCE. Technically, that includes any PHP, Ruby or Python site that allows shell commands to be executed - which, by default, they nearly all do.
> includes any PHP, Ruby or Python site that allows
> shell commands to be executed
So any site already vulnerable to arbitrary command execution will now be vulnerable to RCE via arbitrary command execution? If your site currently allows arbitrary shell command execution the game was already lost.
> It has all the potential to be huge.
Really? The vulnerability on the client side is limited to a very small percentage of the internet users. Furthermore these users are much more likely to be aware of the vulnerability and upgrade compared to grandma and her flash plugin. The story is not that different on the server. The number of publicly accessible git daemons pales in comparison to apache or services that use openssl. As mentioned above this does not really change anything for sites that allow arbitrary shell command execution.
Running around like chicken little saying the sky is going to potentially fall is not productive and in the long run will probably not bring about the desired result for your page views...
Server-side: github & bitbucket will get patched quickly, if they're even still vulnerable. Self-hosted installations like Gitlab will be more difficult, as it requires sysadmins to patch themselves. History has thought us this takes too long.
Client-side: possibly the biggest impact, as nearly every Linux distribution ships vulnerable versions. Any kind of local system user activity could trigger the RCE. Technically, that includes any PHP, Ruby or Python site that allows shell commands to be executed - which, by default, they nearly all do.
It has all the potential to be huge.