CVE-2020-6858: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

March 3, 2020 (updated August 19, 2021)

Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.

References

github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
github.com/advisories/GHSA-6v7p-v754-j89v
nvd.nist.gov/vuln/detail/CVE-2020-6858

Detect and mitigate CVE-2020-6858 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →