Pi-Hole 5.1
Approved changes feed: RSS · Atom
cpe:2.3:a:pi-hole:pi-hole:5.1:*:*:*:*:*:*:*
part: a version: 5.1 update: *
| Vendor | Pi Hole (525d0520-023b-5ac7-adae-b0bb743ce667) |
|---|---|
| Product | Pi Hole (78c250c9-8027-5223-a813-a347760e361e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/pi-hole/adminlte |
purl2cpe | 2026-06-01 10:10:56.987657 |
pkg:github/pi-hole/pi-hole |
purl2cpe | 2026-06-01 10:10:56.987658 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-34361 |
vulnerable | 2026-06-08 06:37:33.173804 |
Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)
HIGH (8.6)
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
Published: 2024-07-05T18:30:01.314Z
Updated: 2024-08-02T02:51:10.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-35592 |
vulnerable | 2026-06-08 05:25:01.420769 |
Details available
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.
Published: 2021-02-18T19:29:40.000Z
Updated: 2024-08-04T17:09:14.207Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-35591 |
vulnerable | 2026-06-08 05:25:01.419349 |
Details available
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
Published: 2021-02-18T19:26:56.000Z
Updated: 2024-08-04T17:09:14.106Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.