Niklas Abel discovered that insufficient input sanitising in the the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution.