CVE-2024-34361
Published 2024-07-05
Priority: P259 | Severity: high | CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.83% (84.8th percentile)
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pi-hole | pi-hole | < 5.18.3 | 5.18.3 |
References
https://github.com/pi-hole/pi-hole/commit/2c497a9a3ea099079bbcd1eb21725b0ed54b529d
https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6