5 matches found
CVE-2020-6858
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header...
CVE-2020-6858
CVE-2020-6858 affects Hotels Styx up to 1.0.0.beta8. The issue is HTTP Response Splitting (CRLF injection) caused by disabling Netty’s HTTP header validation in Styx code paths: HttpHeaders.Builder configured with new DefaultHttpHeaders(false) and StyxToNettyResponseTranslator creating DefaultHtt...
CVE-2020-6858
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header...
com.hotels.styx:styx-api-testsupport (>=0.0.1.beta6 <=v0.0.5), com.hotels.styx:styx-backend-provider (>=0.0.1.beta6 <=v0.0.5) +11 more potentially affected by CVE-2020-6858 via com.hotels.styx:styx-api (>=styx-1.0.0.beta2 <=0.7.9)
com.hotels.styx:styx-api MAVEN version =styx-1.0.0.beta2, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =v0.0.5 Source cves: CVE-2020-6858 Source advisory:...
CVE-2020-6858
creationtimestamp| type| source ---|---|--- 2020-02-10 11:28:30+00:00| published-proof-of-concept| https://github.com/ExpediaGroup/styx/security/advisories/GHSA-6v7p-v754-j89v...