Pontus_Johnson

**Name of the Vulnerable Software and Affected Versions** egg-scripts versions prior to 2.8.1 **Description** A command injection issue allows arbitrary shell command execution through a maliciously crafted command line argument. This is only exploitable if a malicious argument is provided on the command line. For example, an attacker could use the `eggctl start --daemon --stderr` command with a malicious `stderr` argument, such as `'/tmp/eggctl stderr.log; touch /tmp/malicious'`, to execute arbitrary shell commands. **Recommendations** Update to version 2.8.1 or later.