Rack · Rack · CVE-2026-26961
Name of the Vulnerable Software and Affected Versions
Rack versions prior to 2.2.23, 3.1.21, and 3.2.6
Description
Rack’s `Rack::Multipart::Parser` uses a greedy regular expression to extract the `boundary` parameter from `multipart/form-data`. When a `Content-Type` header contains multiple `boundary` parameters, Rack selects the last one instead of the first. This discrepancy can allow an attacker to smuggle multipart content past upstream inspection if an upstream proxy, WAF, or intermediary interprets the first `boundary` parameter, leading Rack to parse a different body structure than the intermediary validated. This can result in malicious form fields or uploaded content bypassing upstream filtering. The issue is most relevant in layered deployments where security decisions are made before the request reaches Rack.
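The following is an added example, not Rack's own code: the greedy pattern is an illustrative stand-in for the kind of expression the description refers to, not Rack's actual regex. It shows how a greedy match and a first-parameter match disagree on a constructed `Content-Type` header carrying two `boundary` parameters, and a small Rack-style middleware (hypothetical name `RejectAmbiguousMultipart`) that refuses such requests with a 400 before any multipart parser sees the body. Rejecting ambiguous headers at the edge complements the upgrade; it does not replace it.

```ruby
# Added example, not Rack's own code. Demonstrates the parser discrepancy
# described in the advisory and a defender-side check for it.

# Illustrative greedy pattern (an assumption, not Rack's real expression):
# the leading `.*` consumes as much as it can and then backtracks, so the
# capture lands on the LAST `boundary=` occurrence in the header.
GREEDY_BOUNDARY = /.*boundary="?([^";,]+)"?/i

# Unanchored pattern that stops at the FIRST occurrence, which is what an
# upstream proxy or WAF following the usual parameter order would see.
FIRST_BOUNDARY = /boundary="?([^";,]+)"?/i

def boundary_greedy(content_type)
  m = GREEDY_BOUNDARY.match(content_type)
  m && m[1]
end

def boundary_first(content_type)
  m = FIRST_BOUNDARY.match(content_type)
  m && m[1]
end

# Parse the parameter list of a Content-Type header into [name, value]
# pairs, keeping duplicates so callers can detect them.
def content_type_params(content_type)
  _media_type, *params = content_type.split(";").map(&:strip)
  params.filter_map do |param|
    name, value = param.split("=", 2)
    next if name.nil? || value.nil?
    [name.downcase, value.delete_prefix('"').delete_suffix('"')]
  end
end

# A multipart Content-Type with more than one boundary parameter is
# ambiguous: two components may legitimately pick different values.
def ambiguous_multipart?(content_type)
  return false unless content_type.to_s.downcase.start_with?("multipart/")
  content_type_params(content_type).count { |name, _| name == "boundary" } > 1
end

# Hypothetical Rack-style middleware: reject ambiguous multipart requests
# before the application (and Rack::Multipart::Parser) touches the body.
class RejectAmbiguousMultipart
  def initialize(app)
    @app = app
  end

  def call(env)
    if ambiguous_multipart?(env["CONTENT_TYPE"])
      return [400, { "content-type" => "text/plain" }, ["ambiguous multipart boundary\n"]]
    end
    @app.call(env)
  end
end

# Constructed sample headers.
AMBIGUOUS = 'multipart/form-data; boundary=first; boundary=second'
CLEAN = 'multipart/form-data; boundary="only"'

if $PROGRAM_NAME == __FILE__
  puts "greedy match picks: #{boundary_greedy(AMBIGUOUS)}"   # second
  puts "first match picks:  #{boundary_first(AMBIGUOUS)}"    # first
  app = RejectAmbiguousMultipart.new(->(_env) { [200, {}, ["ok"]] })
  puts app.call("CONTENT_TYPE" => AMBIGUOUS).first  # 400
  puts app.call("CONTENT_TYPE" => CLEAN).first      # 200
end
```

Run with `ruby example.rb`: the two extraction strategies return different boundaries for the same header, which is exactly the gap an intermediary and Rack can fall into, while the middleware turns that ambiguity into a hard reject.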
Recommendations
Update to Rack version 2.2.23 or later.
Update to Rack version 3.1.21 or later.
Update to Rack version 3.2.6 or later.