VYPR

PyPI package

cbpi4

pkg:pypi/cbpi4

Vulnerabilities (1)

  • CVE-2024-3955 · Cri · May 2, 2024
    affected >= 4.0.0.58, < 4.4.1.a1 · fixed 4.4.1.a1

    The URL GET parameter "logtime", used within the "downloadlog" function in "cbpi/http_endpoints/http_system.py", is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation, allowing arbitrary code execution. This issue aff