We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-34361

Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)



Description

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.

Reserved 2024-05-02 | Published 2024-07-05 | Updated 2024-08-02 | Assigner GitHub_M


HIGH: 8.6CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-918: Server-Side Request Forgery (SSRF)

Product status

< 5.18.3
affected

References

github.com/...i-hole/security/advisories/GHSA-jg6g-rrj6-xfg6

github.com/...ommit/2c497a9a3ea099079bbcd1eb21725b0ed54b529d

cve.org (CVE-2024-34361)

nvd.nist.gov (CVE-2024-34361)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-34361

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.