CVE-2020-6858

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-6858

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6858.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-6858

Aliases

GHSA-6v7p-v754-j89v

Published

2020-03-12T14:15:21Z

Modified

2024-05-14T08:11:48.433689Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.

References

Affected packages

Git / github.com/hotelsdotcom/styx

Affected ranges

Type: GIT
Repo: https://github.com/hotelsdotcom/styx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

317d2c2ffc51cf9739e5a0f6521f223779489688

Last affected

5c6c9d4890dbc32b594e5aa52c3b63c5acffa09e

Last affected

6a436d142c13393c75b9fdd277729d33cc70b417

Last affected

6f8b987d0928c6d58e14dbe6ce8c49a08aa76ee6

Last affected

72c2b5d72d9a44e0b62e6991f1664c6b4dedeb35

Last affected

786bf76b8d3fca35582202f66bf11480591d86c0

Last affected

8db9d96234b8ee12a523b56b2f8f633f088ffadd

Last affected

b7f13b536836a6136c37ec14c6f1ccd8f1047278

Last affected

e9407161779676a378a3d179830a2f37b8af7660

Affected versions

mk-0.*

mk-0.7.0

styx-0.*

styx-0.7.1

styx-0.7.10

styx-1.*

styx-1.0.0.beta1

styx-1.0.0.beta3

styx-1.0.0.beta4

styx-1.0.0.beta5

styx-1.0.0.beta6

styx-1.0.0.beta7

styx-1.0.0.beta9

styx-styx-1.*

styx-styx-1.0.0.beta2