CVE-2024-25639

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25639
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25639.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-25639
Related
  • GHSA-h2q2-vch3-72qm
Published
2024-07-08T15:15:21Z
Modified
2025-01-08T15:53:27.057565Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.

References

Affected packages

Git / github.com/khoj-ai/khoj

Affected ranges

Type
GIT
Repo
https://github.com/khoj-ai/khoj
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4
0.12.0
0.12.1
0.12.2
0.12.3
0.13.0
0.14.0
0.2.1
0.2.5
0.2.6
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.9.0

1.*

1.0.0
1.0.1
1.1.0
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.12.0
1.12.1
1.2.0
1.2.1
1.3.0
1.4.0
1.5.0
1.5.1
1.6.0
1.6.1
1.7.0
1.8.0
1.9.0

Other

rm

v0.*

v0.1.5-alpha
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.2.0