Description
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
Remediation
References
https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
https://twitter.com/JLLeitschuh
Related Vulnerabilities
CVE-2022-36915 Vulnerability in maven package org.jenkins-ci.plugins:android-signing
CVE-2022-4772 Vulnerability in maven package com.github.dgarijo:widoco
CVE-2021-43306 Vulnerability in maven package org.webjars.bower:jquery-validation
CVE-2020-7743 Vulnerability in npm package mathjs
CVE-2020-11022 Vulnerability in maven package org.webjars.bower:jquery