UPDATE: Ubuntu released a patch to fix this vulnerability after I wrote this post, and since Forge auto-applies security fixes nightly, all Forge-managed servers are now safe. You can read on for fun, but you’re now safe.
Matt Stauffer has a post for details on performing a preliminary fix for the bash vulnerability on Forge. Unfortunately, new ways have been exposed to exploit the vulnerability, so a second fix (hopefully released later today) will be required to completely secure your servers.
You should follow Matt’s guide to upgrade all of your Forge-managed servers, and later when the second fix is released his post will be updated.