### [CVE-2024-45302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45302) ![](https://img.shields.io/static/v1?label=Product&message=RestSharp&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%20107%2C%20%3C%20112.0.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-93%3A%20Improper%20Neutralization%20of%20CRLF%20Sequences%20('CRLF%20Injection')&color=brighgreen) ### Description RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using RestSharp, not in RestSharp itself, but I would argue that at the very least there needs to be a warning about this behaviour in the RestSharp documentation. RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. ### POC #### Reference - https://github.com/restsharp/RestSharp/security/advisories/GHSA-4rr6-2v9v-wcpc #### Github No PoCs found on GitHub currently.