Description
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
Remediation
References
https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
https://twitter.com/JLLeitschuh
Related Vulnerabilities
CVE-2023-24621 Vulnerability in maven package com.esotericsoftware.yamlbeans:yamlbeans
CVE-2019-5458 Vulnerability in npm package http-file-server
CVE-2021-23444 Vulnerability in npm package jointjs
CVE-2020-7754 Vulnerability in npm package npm-user-validate
CVE-2021-46361 Vulnerability in maven package info.magnolia:magnolia-core