Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters

Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...

PT-2026-29924

Summary Rack::Multipart::Parserhandle mime head parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling incomplete enforcement of request throttling in the HTTP handler chain, allowing repeated authentication attempts against endpoints such as /health without per-IP rate limiting. An...

Enhancing API Gateway With Request Throttling to Manage Overconsumption

API traffic is exploding online and across the Akamai Intelligent Edge Platform. APIs are the connective tissue among organizations driving innovative and integrated digital experiences. As these experiences are mission critical for organizations to monetize partnerships, create connections for...