CVE-2018-3786

Name of the Vulnerable Software and Affected Versions egg-scripts versions prior to 2.8.1

Description A command injection issue allows arbitrary shell command execution through a maliciously crafted command line argument. This is only exploitable if a malicious argument is provided on the command line. For example, an attacker could use the eggctl start --daemon --stderr command with a malicious stderr argument, such as '/tmp/eggctl stderr.log; touch /tmp/malicious', to execute arbitrary shell commands.

Recommendations Update to version 2.8.1 or later.