Vulnerability Description
Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Khoj | Khoj | < 1.13.0 |
Related Weaknesses (CWE)
References
- https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6ccPatch
- https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qmExploitVendor Advisory
- https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6ccPatch
- https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qmExploitVendor Advisory
FAQ
What is CVE-2024-25639?
CVE-2024-25639 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting ...
How severe is CVE-2024-25639?
CVE-2024-25639 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25639?
Check the references section above for vendor advisories and patch information. Affected products include: Khoj Khoj.