Description
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
Remediation
References
https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
https://twitter.com/JLLeitschuh
Related Vulnerabilities
CVE-2021-3664 Vulnerability in npm package url-parse
CVE-2021-31635 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-23458 Vulnerability in npm package tui-grid
CVE-2017-11467 Vulnerability in maven package com.orientechnologies:orientdb-core
CVE-2022-36915 Vulnerability in maven package org.jenkins-ci.plugins:android-signing