Restsharp · Restsharp · CVE-2024-45302
**Name of the Vulnerable Software and Affected Versions**
RestSharp versions prior to 112.0.0
**Description**
The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. HTTP headers are added to the outgoing request via the `HttpHeaders.TryAddWithoutValidation` method, which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF injection. In general, CRLF injection into an HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF injection. This is not necessarily a security issue for a command line application, but if such code were present in a web application then it becomes vulnerable to request splitting and thus Server Side Request Forgery.
**Recommendations**
For versions prior to 112.0.0, upgrade to version 112.0.0 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user-controllable input before passing it to the `AddHeader`, `AddOrUpdateHeader`, or `AddDefaultHeader` methods to minimize the risk of CRLF injection. Restrict access to sensitive headers and consider implementing additional security measures to prevent request splitting and Server Side Request Forgery.
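The workaround above (validate user-controllable input before it reaches `AddHeader`, `AddOrUpdateHeader` or `AddDefaultHeader`) can be centralised in a small guard. The following C# is an added example, not RestSharp's own code: the `HeaderGuard` class, the `IsSafeHeaderValue` check and the `AddHeaderChecked` extension method are names chosen here, and the block assumes the RestSharp package is referenced. It rejects any value containing CR, LF, NUL or other C0 control characters (horizontal tab excepted, since it is permitted inside a header value), so a value that would otherwise be passed straight to `HttpHeaders.TryAddWithoutValidation` on a pre-112.0.0 build is refused before the request is built.

```csharp
using System;
using RestSharp;

// Added example (not RestSharp's own code). Guards header values before they
// reach RestRequest.AddHeader, which on RestSharp < 112.0.0 forwards them to
// HttpHeaders.TryAddWithoutValidation without checking for CR/LF.
public static class HeaderGuard
{
    // True when the value can safely sit on a single HTTP/1.1 header line:
    // no CR/LF (these would split the request), no NUL, no other C0 control
    // characters except horizontal tab, and no DEL.
    public static bool IsSafeHeaderValue(string value)
    {
        if (value is null) return false;
        foreach (char c in value)
        {
            if (c == '\r' || c == '\n') return false;  // line terminators: request splitting
            if (c < 0x20 && c != '\t') return false;     // remaining C0 controls, including NUL
            if (c == 0x7F) return false;                 // DEL
        }
        return true;
    }

    // Extension method (hypothetical name) wrapping RestRequest.AddHeader. It
    // throws on an unsafe value so the caller cannot silently pass it through.
    public static RestRequest AddHeaderChecked(this RestRequest request, string name, string value)
    {
        if (!IsSafeHeaderValue(value))
            throw new ArgumentException(
                $"Header '{name}' rejected: value contains CR/LF or control characters.",
                nameof(value));
        request.AddHeader(name, value);
        return request;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs; the second imitates a user-supplied value
        // carrying an embedded line break, which the guard must refuse.
        string[] samples =
        {
            "application/json",
            "Bearer abc123\r\nX-Injected: yes",
            "value\twith\ttabs",
        };

        var request = new RestRequest("/resource");
        foreach (var sample in samples)
        {
            var shown = sample.Replace("\r", "\\r").Replace("\n", "\\n");
            try
            {
                request.AddHeaderChecked("X-Custom", sample);
                Console.WriteLine($"accepted: {shown}");
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine($"rejected: {shown} ({ex.Message})");
            }
        }
    }
}
```

The same `IsSafeHeaderValue` check can be placed in front of `AddOrUpdateHeader` and `RestClient.AddDefaultHeader`, since all three take the value through the same unvalidated path. Rejecting (rather than stripping) the offending characters is the safer default: silently removing CR/LF can turn one unexpected header into another, while an exception surfaces the bad input where it can be logged and investigated.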