CVE-2020-6858
MEDIUMHotels Styx < 0.7.10 - HTTP Response Splitting via CRLF Injection
Title source: llmDescription
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://twitter.com/JLLeitschuh
Exploit, Third Party Advisory x_refsource_misc
https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
Scores
CVSS v3
6.5
EPSS
0.0116
EPSS Percentile
63.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-74
Status
published
Products (3)
com.hotels.styx/styx-api
0 - 1.0.0-rc1Maven
hotels/styx
1.0.0 beta1 (8 CPE variants)
hotels/styx
< 0.7.10
Published
Mar 12, 2020
Tracked Since
Feb 18, 2026