Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/khoj-assistant@0.12.4.dev25
Type pypi
Namespace
Name khoj-assistant
Version 0.12.4.dev25
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.14.0
Latest_non_vulnerable_version 1.14.0
Affected_by_vulnerabilities
0
url VCID-qydt-a8c4-suh2
vulnerability_id VCID-qydt-a8c4-suh2
summary
Khoj Open Redirect Vulnerability in Login Page
### Summary
An attacker can use the `next` parameter on the login page to redirect a victim to a malicious page, while masking this using a legit-looking `app.khoj.dev` url.
For example, `https://app.khoj.dev/login?next=//example.com` will redirect to the https://example.com page.

### Details
The problem seems to be in this method: https://github.com/khoj-ai/khoj/blob/2667ef45449eb408ce1d7c393be04845be31e15f/src/khoj/routers/auth.py#L95

### PoC
Open the `https://app.khoj.dev/login?next=//example.com` url in a Gecko-based browser (Firefox).

### Impact
The impact is low, and this could only be used in phishing attempts, but it's still a problem nonetheless.
references
0
reference_url https://github.com/khoj-ai/khoj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/khoj-ai/khoj
1
reference_url https://github.com/khoj-ai/khoj/blob/2667ef45449eb408ce1d7c393be04845be31e15f/src/khoj/routers/auth.py#L95
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/khoj-ai/khoj/blob/2667ef45449eb408ce1d7c393be04845be31e15f/src/khoj/routers/auth.py#L95
2
reference_url https://github.com/khoj-ai/khoj/commit/4daf16e5f916641304e11d56a6071ad365c21a18
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/khoj-ai/khoj/commit/4daf16e5f916641304e11d56a6071ad365c21a18
3
reference_url https://github.com/khoj-ai/khoj/security/advisories/GHSA-564j-v29w-rqr6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/khoj-ai/khoj/security/advisories/GHSA-564j-v29w-rqr6
4
reference_url https://github.com/advisories/GHSA-564j-v29w-rqr6
reference_id GHSA-564j-v29w-rqr6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-564j-v29w-rqr6
fixed_packages
0
url pkg:pypi/khoj-assistant@1.14.0
purl pkg:pypi/khoj-assistant@1.14.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/khoj-assistant@1.14.0
aliases GHSA-564j-v29w-rqr6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qydt-a8c4-suh2
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/khoj-assistant@0.12.4.dev25