Transitive RestSharp Package Reference Causes Moderate Vulnerability Warning CVE-2024-45302

[SeanPLeslie]

CVE-2024-45302 CRLF Injection in RestSharp's RestRequest.AddHeader method shows up as a vulnerability warning in any project that references CyberSource.Rest.Client.NetStandard. The error you'll see in the compiler:
error NU1902: Warning As Error: Package 'RestSharp' 108.0.3 has a known moderate severity vulnerability, GHSA-4rr6-2v9v-wcpc [F:\Work\1\1719\s\src\Advantage\Advantage.sln]

If a project referencing CyberSource.Rest.Client.NetStandard attempts to force a usage of RestSharp version 112.0.0 they'll get an error because CyberSource.Rest.Client.NetStandard will only allow references 108.0.3. The error for this looks like:
NU1608 Warning As Error: Detected package version outside of dependency constraint: CyberSource.Rest.Client.NetStandard 0.0.1.38 requires RestSharp (= 108.0.3) but version RestSharp 112.0.0 was resolved.

We need a new version of CyberSource that references the fixed RestSharp package 112.0.0.

[mvarblow]

We at least need a version of this package that doesn't pin the RestSharp reference at the vulnerable 108.0.3 version. If that dependency were changed to >= 108.0.3 instead of = 108.0.3 then we would at least have a way to pin a later version of RestSharp in our solution.