Vulnerability in CraftBeerPi 4 software
CVE ID: CVE-2024-3955
Publication date: 02 May 2024
Vendor: PiBrewing, CraftBeerPi - Brewing Controller
Product: CraftBeerPi 4
Vulnerable versions: from (commit 563fae9) to 4.4.1.a1 (commit 57572c7)
Vulnerability type (CWE): Improper Control of Generation of Code ('Code Injection') (CWE-94)
Report source: Report to CERT Polska


CERT Polska has received a report about a vulnerability in PiBrewing CraftBeerPi 4 software and assigned a CVE Record for it.

The vulnerability CVE-2024-3955 allows arbitrary code execution due to a lack of prior validation of the URL GET "logtime" parameter in the "cbpi/controller/" module.

This issue affects CraftBeerPi 4 software from (commit 563fae9) before 4.4.1.a1 (commit 57572c7).


We thank Pondzik for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at