Safety vulnerability ID: 72210
The information on this page was manually curated by our Cybersecurity Intelligence Team.
In affected versions of Khoj, both the Obsidian desktop and web clients fail to properly sanitize the AI model's responses and user inputs. This oversight can lead to Cross-Site Scripting (XSS) attacks via prompt injection, particularly when untrusted documents indexed by users within Khoj, or content retrieved from the internet when the /online command is triggered, reach the model.
Latest version: 1.36.6
Your Second Brain
🎁 New
* Allow using Anthropic models like Claude by sabaimran in https://github.com/khoj-ai/khoj/pull/760
* Make Automations Shareable by sabaimran in https://github.com/khoj-ai/khoj/pull/790
🧪 Improve
* **Upgrade Khoj Obsidian UX**: Chat from Side Pane, Support Multiple Conversations by debanjum in https://github.com/khoj-ai/khoj/pull/736
* Improve Command Menu and Help Command by MythicalCow in https://github.com/khoj-ai/khoj/pull/774
* Improve Documentation to set up Khoj for Development by MythicalCow in https://github.com/khoj-ai/khoj/pull/768
⚒️ Fix
* Enforce CSP & sanitize AI generated chat responses to **prevent XSS via Prompt Injection**
  * Uncovered by calligraf0 ❤️ in [CVE-2024-25639](https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm)
  * Fixed by debanjum in b757ba664f7dc69b174e8e94deaa0e79414e2c46, 9f80c2ab76005dd7e51a7886007d09537f6c2483
* Open external links in an external browser from the Khoj desktop app in 7b18919564a420ed578dded0dd5ac85891d66ad5
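As an added illustration of the two-part fix above (sanitize the model's response, then enforce a CSP so a missed case still cannot execute script), and not Khoj's own code: a minimal renderer that treats an AI chat response as untrusted text and re-introduces only a small markdown subset, beside a CSP string for the web client. The markdown subset, the sample response and the CSP directive values are assumptions for this example.

```javascript
// Added example (not Khoj's code): render an untrusted AI chat response safely.
// Strategy: HTML-escape the whole response first, then turn a tiny markdown
// subset (**bold**, [text](url)) back into markup. Link targets are allowed
// only if they parse as absolute http(s) URLs; javascript:, data:, etc. are dropped.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns a normalised http(s) URL, or null for anything else (including relative URLs).
function safeHref(url) {
  try {
    const u = new URL(url);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null;
  }
}

function renderChatResponse(response) {
  let html = escapeHtml(response); // every tag the model emitted is now inert text
  html = html.replace(/\*\*([^*]+)\*\*/g, "<strong>$1</strong>");
  html = html.replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, (_m, text, url) => {
    // The URL was escaped along with the rest; undo only '&' before validating it.
    const href = safeHref(url.replace(/&amp;/g, "&"));
    if (href === null) return text; // unsafe scheme: keep the label, drop the link
    return `<a href="${escapeHtml(href)}" rel="noopener noreferrer" target="_blank">${text}</a>`;
  });
  return html;
}

// CSP the web client should send (assumed directive values): no inline script,
// no plugins, no framing, scripts only from the app's own origin.
function buildCsp() {
  const directives = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "object-src": ["'none'"],
    "base-uri": ["'self'"],
    "frame-ancestors": ["'none'"],
  };
  return Object.entries(directives).map(([k, v]) => `${k} ${v.join(" ")}`).join("; ");
}

// Constructed sample of a model response that carries injected markup and an unsafe link.
const SAMPLE_RESPONSE =
  "Here is your summary. <script>steal()</script> See [docs](https://example.com/a?b=1&c=2) or [here](javascript:document.title). **Done**";

console.log(renderChatResponse(SAMPLE_RESPONSE));
console.log("Content-Security-Policy:", buildCsp());
```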
**Full Changelog**: https://github.com/khoj-ai/khoj/compare/1.12.1...1.13.0