PT-2024-40091 · Khoj · Khoj

Published: 2024-07-08 · Updated: 2024-07-08

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: Khoj (affected versions not specified)
Description: The issue allows an attacker to redirect a victim to a malicious page by supplying a crafted value in the next parameter of the login page, so that the link appears to be a legitimate app.khoj.dev URL. For instance, the URL https://app.khoj.dev/login?next=//example.com will redirect to https://example.com: a value beginning with // is a protocol-relative URL, which the browser resolves against the current scheme (https) and the host named after the slashes rather than against app.khoj.dev. The problem appears to be in a method in the auth.py file that accepts the next value without checking that it is a same-origin path. This could potentially be used in phishing attempts, although the impact is considered low.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
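The defensive check the description implies, as an added illustration that is not Khoj's own code: a naive handler returns the next value unchanged, so a protocol-relative value such as //example.com leaves the origin; the hardened version accepts only a relative path that starts with a single slash and has no scheme, no authority and no backslashes (browsers treat /\ like //), falling back to a default page otherwise. The origin string, the default path and both function names are assumptions for this example.

```python
from urllib.parse import urljoin, urlparse

# Origin named in the advisory; the default landing path is an assumption.
APP_ORIGIN = "https://app.khoj.dev"
DEFAULT_NEXT = "/"


def vulnerable_next(next_param: str) -> str:
    """Illustrative naive handling (assumed, not Khoj's code): trust next as-is.

    "//example.com" is returned unchanged, and a browser resolves that
    protocol-relative value to https://example.com.
    """
    return next_param or DEFAULT_NEXT


def safe_next(next_param: str, default: str = DEFAULT_NEXT) -> str:
    """Return next_param only if it is a same-origin relative path.

    Anything with a scheme (https:, javascript:), an authority (//host),
    a backslash (browsers normalise "/\\host" to "//host") or control
    characters is rejected in favour of the default path.
    """
    if not next_param:
        return default
    candidate = next_param.strip()
    if any(ord(c) < 0x20 or c.isspace() for c in candidate):
        return default
    if "\\" in candidate:
        return default
    parsed = urlparse(candidate)
    if parsed.scheme or parsed.netloc:
        return default
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


def resolve_redirect(next_param: str) -> str:
    """Absolute Location header value a login handler could emit."""
    return urljoin(APP_ORIGIN, safe_next(next_param))


if __name__ == "__main__":
    # Constructed sample inputs: the advisory's payload beside benign values.
    for value in ["//example.com", "https://example.com", "/\\example.com",
                  "javascript:alert(1)", "/chat", "/settings?tab=1", ""]:
        print(f"{value!r:28} naive={vulnerable_next(value)!r:24} "
              f"safe={resolve_redirect(value)!r}")
```

Rejecting rather than rewriting a suspicious value keeps the check simple to reason about; if the application also needs to honour absolute URLs to its own host, compare the parsed netloc against an explicit allow-list of origins instead of widening the path rule.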

Weakness Enumeration

Open Redirect

Related Identifiers

GHSA-564J-V29W-RQR6

Affected Products

Khoj