SecurityVulns

CVE-2024-3955 | PiBrewing CraftBeerPi up to 4.4.1 GET Parameter http_system.py downloadlog logtime code injection

A vulnerability classified as critical has been found in PiBrewing CraftBeerPi up to 4.4.1. It affects the function downloadlog in the file cbpi/http_endpoints/http_system.py of the component GET Parameter Handler. Manipulating the argument logtime leads to code injection.

This vulnerability is handled as CVE-2024-3955. The attack can only be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.