ReDoS in Rack::Multipart::BROKEN_QUOTED and Rack::Multipart::BROKEN_UNQUOTED.
https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
> Carefully crafted multipart POST requests can cause Rack’s multipart parser to take much longer than expected, leading to a possible denial of service vulnerability.
When a client sends a specially crafted header, it triggers a ReDoS on the server side.
Servers that parse POST data by default, such as Rails, are affected.