Styx is vulnerable HTTP Response Splitting. The vulnerability exists because the StyxToNettyResponseTranslator
and Builder
classes of StyxToNettyResponseTranslator.java
and HttpHeaders.java
do not validate the HTTP Header built into Netty respectively, allowing an attacker to inject CRLF Sequences and manipulate with malicious content.
github.com/advisories/GHSA-6v7p-v754-j89v
github.com/HotelsDotCom/styx/blob/8d60e5493e65d0d536afc0b350dcb02d24e0f7a7/components/server/src/main/java/com/hotels/styx/server/netty/connectors/StyxToNettyResponseTranslator.java#L30
github.com/HotelsDotCom/styx/blob/e1d578e9b9c38df9cd19c21dc2eb9b949d85b558/components/api/src/main/java/com/hotels/styx/api/HttpHeaders.java#L145
github.com/HotelsDotCom/styx/commit/e55c172551d3cf0efd322207274262e30aaf225a
github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v
twitter.com/jlleitschuh