Description
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
Remediation
References
https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
https://twitter.com/JLLeitschuh
Related Vulnerabilities
CVE-2021-3803 Vulnerability in npm package nth-check
CVE-2023-26108 Vulnerability in npm package @nestjs/core
CVE-2023-30516 Vulnerability in maven package org.jenkins-ci.plugins:image-tag-parameter
CVE-2021-32827 Vulnerability in maven package org.mock-server:mockserver-core
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-server-base