CVE-2020-6858

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.07 % (32^th)

Affected Products 1

Advisories 1

Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.

Weaknesses

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-03-12 14:15:21
(4 years ago)
Updated Date: 2020-03-17 14:51:29
(4 years ago)

Affected Products

Hotels

Styx

Configuration #1

	CPE23	Up To
Hotels Styx 0.7.10 and prior versions	cpe:2.3:a:hotels:styx	<= 0.7.10
Hotels Styx 1.0.0 Beta1	cpe:2.3:a:hotels:styx:1.0.0:beta1
Hotels Styx 1.0.0 Beta2	cpe:2.3:a:hotels:styx:1.0.0:beta2
Hotels Styx 1.0.0 Beta3	cpe:2.3:a:hotels:styx:1.0.0:beta3
Hotels Styx 1.0.0 Beta4	cpe:2.3:a:hotels:styx:1.0.0:beta4
Hotels Styx 1.0.0 Beta5	cpe:2.3:a:hotels:styx:1.0.0:beta5
Hotels Styx 1.0.0 Beta6	cpe:2.3:a:hotels:styx:1.0.0:beta6
Hotels Styx 1.0.0 Beta7	cpe:2.3:a:hotels:styx:1.0.0:beta7
Hotels Styx 1.0.0 Beta9	cpe:2.3:a:hotels:styx:1.0.0:beta9