A vulnerability, which was classified as critical, has been found in PiBrewing CraftBeerPi up to 4.4.1. Affected by this issue is the function
downloadlog
of the file cbpi/http_endpoints/http_system.py of the component GET Parameter Handler. The manipulation of the argument logtime leads to code injection.
This vulnerability is handled as CVE-2024-3955. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.