Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Oct 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:* |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T02:51:10.981Z
Reserved: 2024-05-02T06:36:32.439Z
Link: CVE-2024-34361

Updated: 2024-08-02T02:51:10.981Z

Status : Analyzed
Published: 2024-07-05T19:15:09.610
Modified: 2025-10-02T13:07:15.947
Link: CVE-2024-34361

No data.

Updated: 2025-07-12T22:45:17Z