The CVE was opened because allowing CRLF in headers would make it possible to send two different requests instead of one. The list of characters is very small, you might want to ensure that your header value doesn't include any of those

https://github.com/restsharp/RestSharp/blob/0fba5e727d241b1867bd71efc912863075c2934b/src/RestSharp/Parameters/HeaderParameter.cs#L45C1-L64C6

Basically, here's the check

    static bool IsInvalidHeaderString(string stringValue) {
        // ReSharper disable once ForCanBeConvertedToForeach
        for (var i = 0; i < stringValue.Length; i  ) {
            switch (stringValue[i]) {
                case '\t':
                case '\r':
                case '\n':
                    return true;
            }
        }

        return false;
    }

Thanks Alexey for the answer.
In my code, however, I do not set any header. I have to use a provider's api (not made by me) and this error occurs. How can I solve it?
Here is the code snippet I run.

var _requestSmsList = new RestRequest("/cgi-bin/sms_list", Method.Get);
_requestSmsList.AddOrUpdateParameter("username", _userName);
_requestSmsList.AddOrUpdateParameter("password", _password);

var response = await _restClient.ExecuteGetAsync(_requestSmsList);

Hmm that's weird. I thought that the error occurs before you send the request, but it seems to be happening on response? It'd be good if you include the stack trace.

Hi Alexey,
I have the same problem. The response is returned 200 OK with Angelos text in the header "Content-Security-Policy"
Here are the returned headers from my test with Insomnia.

Connection: close
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src * 'self'; img-src * 'self'; script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js 'sha256-LV 4Blj3LIWsLHvvq37tdHwBQpq6ZOI wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8='; style-src https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/css/ol.css 'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx 9FGm/XmwNU=' 'self'
Cache-Control: no-cache
Content-type: text/plain;charset=utf-8

This did work previously in 111.3

Can you guys try 112.0.1-alpha.0.1 and see if it resolves the issue? I think it's the tab character that causes the exception.

Hi Alexey,
I can confirm 112.0.1-alpha.0.1 resolves the issue for me.
Thank you.

Ok, it's now out as 112.1

Hy Alexey,
I can confirm 112.1 resolves the issue for me.
Thank you.