{"data":{"id":"cb31bc5f-f308-4d7f-9103-22d08da84ece","title":"CVE-2024-25639: Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize","summary":"Khoj, an application that creates personal AI agents, has a vulnerability in its Obsidian, Desktop, and Web clients: user inputs and AI responses are not properly sanitized before the client renders them. An attacker can plant hidden instructions in an untrusted document that the AI processes (prompt injection), causing the AI to produce a response that carries malicious code; when the client displays that response, the code runs as XSS (cross-site scripting, i.e. attacker-controlled script executing in the user's browser).","solution":"This vulnerability is fixed in version 1.13.0. Users should update to this version or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-25639","publishedAt":"2024-07-08T15:15:21.423Z","cveId":"CVE-2024-25639","cweIds":["CWE-80","CWE-77","CWE-79"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection","jailbreak"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Khoj"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00406,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86","CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","safety"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}