PT-2024-25819 · Pi-Hole · Pi-Hole

T0X1Cx · Published 2024-07-05 · Updated 2025-10-02 · CVE-2024-34361

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Pi-hole versions prior to 5.18.3

Description

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability allows an authenticated user to make internal requests to the server via the gravity DownloadBlocklistFromUrl() function. Under certain circumstances, the vulnerability could lead to remote command execution.

Recommendations

For versions prior to 5.18.3, update to version 5.18.3 to resolve the issue. As a temporary workaround, consider restricting access to the gravity DownloadBlocklistFromUrl() function until the patch is applied.

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2024-34361
GHSA-JG6G-RRJ6-XFG6

Affected Products

Pi-Hole