Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.