Pi-hole Core v5.18 released to fix an Authenticated Arbitrary File Read with root privileges vulnerability
A vulnerability was recently discovered in Pi-hole’s gravity script that would allow for any system file to be arbitrarily read and presented to an authenticated user on the web interface. This release mitigates the vulnerability by limiting gravity’s ability to read local file’s to only those that are explicitly readable by anyone on the system.…
Read more