3 matches found
PT-2024-21059 · Khoj · Khoj
Name of the Vulnerable Software and Affected Versions: Khoj versions prior to 1.13.0 Description: Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop, and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scriptin...
PT-2023-9289 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.13.0 Description: The issue is related to the Google Cloud secrets engine in HashiCorp Vault and Vault Enterprise, where existing Google Cloud IAM Conditions were not preserved upon creating or updating...
PT-2023-12827 · Onnx · Onnx
Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.13.0 Description: The issue allows Directory Traversal, where the external data field of the tensor proto can contain a path to a file outside the model's current directory or user-provided directory. For example, an...