Explaining, since you were downvoted without a proper reason:
While everything is possible, most exploits happen on buffer overflows on user-received custom data. and since this is not allocating any buffer to receive anything (besides internal connection structures that are filled by the OS), the attack/exploit surface on this one is really tiny, if existent at all.
Crucially, endlessh has a smaller codebase than some shell scripts I've written. If you have ever used any program written with even a single line of Python, you have more to worry about than a 843 line program that appends a string to a socket.
While everything is possible, most exploits happen on buffer overflows on user-received custom data. and since this is not allocating any buffer to receive anything (besides internal connection structures that are filled by the OS), the attack/exploit surface on this one is really tiny, if existent at all.