Versions of egg-scripts
before 2.8.1 are vulnerable to command injection. This is only exploitable if a malicious argument is provided on the command line.
Example:
eggctl start --daemon --stderr='/tmp/eggctl_stderr.log; touch /tmp/malicious'
Update to version 2.8.1 or later.