search

hassio-addons / addon-pi-hole

Pi-hole - Home Assistant Community Add-ons
https://addons.community
MIT License
123 stars 39 forks source link

CVE-2020-8816 #131

Closed fabaff closed 4 years ago

fabaff commented 4 years ago

Problem/Motivation

Pi-hole seems to be affected by a Remote Code Execution vulnerability (CVE-2020-8816).

The Addon isn't exposing itself publicly but we should decide on a way to handle it.

Steps to reproduce

See this blog post for details.

Proposed changes

Update the Addon to include AdminLTE 4.3.3 which contains a fix. Currently it's 4.3.2.

addons-assistant[bot] commented 4 years ago

:wave: Thanks for opening your first issue here! If you're reporting a :bug: bug, please make sure you include steps to reproduce it. Also, logs, error messages and information about your hardware might be useful.

frenck commented 4 years ago

Solved in v4.1.2

addons-assistant[bot] commented 4 years ago

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.