2 May
CVE-2024-3955 | PiBrewing CraftBeerPi up to 4.4.1 GET Parameter http_system.py downloadlog logtime code injection
A vulnerability, which was classified as critical, has been found in PiBrewing CraftBeerPi up to 4.4.1. Affected by this issue is the function downloadlog of the file cbpi/http_endpoints/http_system.py of the component GET Parameter Handler. The manipulation of the argument logtime leads to code injection.
This vulnerability is handled as CVE-2024-3955. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.