Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 02 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T02:51:10.981Z

Reserved: 2024-05-02T06:36:32.439Z

Link: CVE-2024-34361

cve-icon Vulnrichment

Updated: 2024-08-02T02:51:10.981Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-05T19:15:09.610

Modified: 2025-10-02T13:07:15.947

Link: CVE-2024-34361

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:45:17Z