Denial Of Service (DoS)

rack is vulnerable to Denial Of Service. The vulnerability is due to unbounded in-memory storage of non-file multipart form fields in Rack::Multipart::Parser, where attackers can send extremely large text fields that consume process memory and trigger OOM conditions, leading to DoS...

Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...