Is khoj affected by CVE-2024-52294?

PyPI khoj is affected in <1.29.0.

Is CVE-2024-52294 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

medium

CVE-2024-52294

Q: Is CVE-2024-52294 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

PyPI · khoj

Summary

khoj has an IDOR in subscription management allows unauthorized subscription modifications

Severity: medium
EPSS: 0.4% (p28)
Also known as: GHSA-hq4h-w933-jm6c
Published: 2024-12-30

References

https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c
https://nvd.nist.gov/vuln/detail/CVE-2024-52294
https://github.com/khoj-ai/khoj/commit/47d3c8c23597900af708bdc60aced3ae5d2064c1

Related advisories

CVE-2025-69207 — medium · PyPI/khoj

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.