cbpi4@4.1.0a3 vulnerabilities

CraftBeerPi4 Brewing Software

Direct Vulnerabilities

Known vulnerabilities in the cbpi4 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Code Injection

cbpi4 is a CraftBeerPi4 Brewing Software

Affected versions of this package are vulnerable to Arbitrary Code Injection via the logtime parameter to a GET request, which is passed directly to os.system() and executed.

How to fix Arbitrary Code Injection?

Upgrade cbpi4 to version 4.4.1 or higher.

[,4.4.1)