Description
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
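The following added example (not code from Styx or from the advisory) shows why an unvalidated header value splits a response, and a check that rejects it before serialization. The class, method names and sample value are hypothetical and constructed for illustration; they do not reflect Styx's API.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HeaderValueGuard {

    // Naive serializer: writes name and value to the wire unchanged,
    // which is the behaviour that makes response splitting possible.
    static String serializeUnchecked(Map<String, String> headers) {
        StringBuilder out = new StringBuilder("HTTP/1.1 200 OK\r\n");
        headers.forEach((k, v) -> out.append(k).append(": ").append(v).append("\r\n"));
        return out.append("\r\n").toString();
    }

    // Hardened serializer: rejects CR, LF and NUL in names and values first.
    static String serializeChecked(Map<String, String> headers) {
        headers.forEach((k, v) -> { requireNoLineBreaks(k); requireNoLineBreaks(v); });
        return serializeUnchecked(headers);
    }

    static void requireNoLineBreaks(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') {
                throw new IllegalArgumentException("illegal control character in header at index " + i);
            }
        }
    }

    // Counts header lines in the serialized head (status line excluded).
    static long headerLineCount(String response) {
        String head = response.substring(0, response.indexOf("\r\n\r\n"));
        return head.split("\r\n").length - 1;
    }

    public static void main(String[] args) {
        // Constructed sample: a request-derived value that contains CRLF.
        String untrusted = "en\r\nSet-Cookie: session=constructed";
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Language", untrusted);

        // One header was set, but two header lines reach the client.
        System.out.println("unchecked header lines: " + headerLineCount(serializeUnchecked(headers)));

        try {
            serializeChecked(headers);
        } catch (IllegalArgumentException e) {
            System.out.println("checked: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Rejecting the value outright is preferable to stripping the characters, since silent stripping hides the malformed input from logs and upstream callers.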
Remediation
References
https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
https://twitter.com/JLLeitschuh