ASA-2018-00033 – Rack: DoS vulnerability in multipart parser

There is a possible DoS vulnerability in the multipart parser in Rack. Carefully crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. But any code that uses the multi-part parser may be vulnerable. Rack users that have manually adjusted the buffer size in the multipart parser may be vulnerable as well.