PyPI package
cbpi4
pkg:pypi/cbpi4
Vulnerabilities (1)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-3955 | Critical | 9.8 | | >= 4.0.0.58, < 4.4.1.a1 | 4.4.1.a1 | May 2, 2024 | URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code. This issue aff |