False positive when charset=utf-8\x0d\x0a in content-type header
Hello CRS team,
some actions in my mobile application are triggering this rule and blocking the request. I didn't set charset=utf-8\x0d\x0a in the app,
so maybe it's coming from Android.
When I exclude this rule with SecRuleRemoveById 922110
then it's fine, but I want to exclude it for everything
and could not figure out any exception.
I tried this:
setvar:'tx.allowed_request_content_type_charset=|utf-8| |utf-8\x0d\x0a| |iso-8859-1| |iso-8859-15| |windows-1252|'
and also this:
SecRule REQUEST_HEADERS:Content-Type "text/plain; charset=utf-8\x0d\x0a" \
"phase:1,nolog,pass,id:6,t:none,ctl:ruleRemoveById=922110"
I checked rule 922110 and it can't match the above with the regex defined there. Can anyone help me understand this issue, please?
Many thanks
ModSecurity: Warning. Matched "Operator `Rx' with parameter `^(?:(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+)\/(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:\"?(?:iso-8859-15?|windows-1252|utf-8)\b\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\"(),\/:;<=> (714 characters omitted)' against variable `TX:1' (Value: `text/plain; charset=utf-8\x0d\x0a' ) [file "/usr/local/coreruleset-3.3.4/rules/REQUEST-922-MULTIPART-ATTACK.conf"] [line "51"] [id "922110"] [rev ""] [msg "Illegal MIME Multipart Header content-type: charset parameter"] [data "Matched Data: text/plain; charset=utf-8\x0d\x0a found within Content-Type multipart form"] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/272/220"] [tag "paranoia-level/1"] [hostname "10.151.0.2"] [uri "/something.json"] [unique_id "167059009818.061175"] [ref "o0,41o14,27v974,41t:lowercaset:lowercase"],
- CRS version: 3.3.4
- Paranoia level setting: 1
- ModSecurity version: 3.0.8
- Web Server and version: nginx
- Operating System and version: alpine
- Created 9 months ago
- Comments:19 (11 by maintainers)
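The following Python script is an added example, not code from the issue or from the CRS project. It models the charset allow-list check that the log line above shows rule 922110 applying to a multipart part's Content-Type, using a simplified regex constructed for this example: the charset alternatives (iso-8859-1, iso-8859-15, windows-1252, utf-8) are the ones hard-coded in the regex quoted in the log, the "other parameters" branch of the real rule is left out, and the rule is applied negated (`!@rx`), so it fires whenever the value does not match. The sample values are constructed; the second one reproduces the value from the log, where ModSecurity prints the CR LF bytes as \x0d\x0a. Running it shows that the only thing separating the alerting value from a clean one is the trailing line break.

```python
import re

# Charsets accepted by the regex quoted in the ModSecurity log line above
# (the rule hard-codes them; the list is taken from that log line).
ALLOWED_CHARSETS = ("iso-8859-1", "iso-8859-15", "windows-1252", "utf-8")

# One MIME token: anything except the separator characters the rule's character
# class excludes, and no whitespace. Constructed for this example.
_TOKEN = r'[^"(),/:;<=>?!\[\\\]{}\s]+'

_CHARSET_ALT = "|".join(re.escape(c) for c in ALLOWED_CHARSETS)

# Simplified model of the allow pattern: type/subtype, then optionally
# "; charset=<allowed>" (charset may be double-quoted), and nothing after it.
# The real rule additionally accepts other parameters; that branch is omitted.
ALLOW_RE = re.compile(
    rf'{_TOKEN}/{_TOKEN}'
    rf'(?:\s*;\s*charset\s*=\s*"?(?:{_CHARSET_ALT})\b"?)?'
)


def passes_charset_check(content_type: str) -> bool:
    """True when the part's Content-Type matches the allow pattern.

    The rule is negated ('!@rx'), so False here means the rule would fire and
    log "Illegal MIME Multipart Header content-type: charset parameter".
    """
    return ALLOW_RE.fullmatch(content_type) is not None


def normalize_header_value(value: str) -> str:
    """Strip surrounding whitespace and any trailing CR/LF a client can leave
    on a header value; a parser should do this before any allow-list check."""
    return value.strip(" \t\r\n")


def audit_part_content_types(values):
    """Run the check over raw part Content-Type values and report, per value,
    whether the rule would fire and whether normalizing it alone makes it pass."""
    report = []
    for raw in values:
        fires_raw = not passes_charset_check(raw)
        fires_normalized = not passes_charset_check(normalize_header_value(raw))
        report.append({
            "value": raw,
            "rule_fires": fires_raw,
            "passes_after_normalize": fires_raw and not fires_normalized,
        })
    return report


if __name__ == "__main__":
    # Constructed sample values; the second one reproduces the value from the
    # log line above (ModSecurity prints the CR LF bytes as \x0d\x0a).
    samples = [
        "text/plain; charset=utf-8",
        "text/plain; charset=utf-8\r\n",
        'application/json; charset="utf-8"',
        "text/plain; charset=utf-7",
        "image/png",
    ]
    for entry in audit_part_content_types(samples):
        shown = entry["value"].encode("unicode_escape").decode("ascii")
        print(f"{shown!r:45} rule_fires={entry['rule_fires']} "
              f"passes_after_normalize={entry['passes_after_normalize']}")
```

Because the offending header belongs to a multipart part inside the request body, ModSecurity only sees it once the body has been parsed, which is why a rule exclusion targeting it has to run in the request-body phase (phase 2) rather than the request-headers phase (phase 1).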
Top GitHub Comments
@theseion thanks a lot for the hint. I've been using phase 1 all the time, but in this case it has to be phase:2 as it is already part of the body. Now the exception works well 😃
@theseion working on it, hopefully will get data soon