I reported at https://hackerone.com/reports/1639882
https://discuss.rubyonrails.org/t/cve-2022-44572-possible-denial-of-service-vulnerability-in-racks-rfc2183-boundary-parsing/82124
> There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572.
> Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
This regular expression does not have the effect of ReDoS countermeasures using memoization in Ruby 3.2.