Shadowsocks-libev version 3.1.0 suffers from a remote command execution vulnerability.
8aa4d9bfa1fdc7daf2bf705d5487612abef1c1807139246be24fa5f0b84b9113
Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled autoban.py brute force detection. Brute force detection from autoban.py does not work with suggested tail command. The key of captured Shadowsocks traffic can be brute forced. The latest commit 2ab8c6b on Sep 6, 2017 is affected.
c64eed8300f6f6714169306d2895cc8ef0dff3acc98056115f385ce1201d0c24