A serious vulnerability was recently discovered based on how Linux uses CGI script execution for PHP, Python, Go and other scripting language.
httpoxy is the name given to a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. The vulnerability allows an attacker to remotely set the HTTP_PROXY environment variable on affected servers which can lead to a number of bad consequences.
Best advice is to patch as soon as possible as Linux vendors have started releasing patches. But immediate mitigation before patching can be performed by blocking ‘Proxy’ request headers as early as possible before they hit your application. httproxy.org has this spelled out in detail for Nginx/FastCGI and others web servers.
ee update command and it will take care of blocking proxy request header.
We also updated our custom Nginx builds which has necessary patch.
Either way, you will get same result so you better go ahead with