Rack · Rack · CVE-2026-26962
**Name of the Vulnerable Software and Affected Versions**
Rack versions 3.2.0 through 3.2.5
**Description**
Rack’s `Rack::Multipart::Parser` incorrectly unfolds folded multipart part headers. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as `filename` or `name` instead of removing the folded line break during unfolding. Applications that reuse these values in HTTP response headers can therefore be exposed to downstream header injection or response splitting.
**Recommendations**
Update to Rack version 3.2.6 or later.
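For applications that place multipart-derived values such as `filename` into response headers, the following added example (not Rack's code and not part of the advisory) checks a Rack version string against the affected range stated above and refuses to build a `Content-Disposition` value from input that still contains control characters. The helper names and the sample folded value are assumptions constructed for illustration.

```ruby
# Added example: not Rack's code. Helper names are hypothetical.
require "rubygems" # provides Gem::Version / Gem::Requirement

# Affected range as stated in the advisory: 3.2.0 through 3.2.5.
AFFECTED_RACK = Gem::Requirement.new(">= 3.2.0", "<= 3.2.5")

# True when the given Rack version string falls in the affected range.
def rack_affected?(version)
  AFFECTED_RACK.satisfied_by?(Gem::Version.new(version))
end

# CR, LF and other control bytes have no place in a filename parameter.
CONTROL_BYTES = /[\x00-\x1f\x7f]/n

# Build a Content-Disposition value from a client-supplied filename.
# Raises instead of silently stripping, so a folded value that kept its
# CRLF is surfaced as a rejected request rather than written to a header.
def content_disposition(filename)
  value = filename.to_s
  if value.b.match?(CONTROL_BYTES)
    raise ArgumentError, "control character in header parameter"
  end
  escaped = value.gsub(/["\\]/) { |c| "\\#{c}" } # quoted-string escaping
  %(attachment; filename="#{escaped}")
end

if $PROGRAM_NAME == __FILE__
  puts rack_affected?("3.2.5")            # version inside the range
  puts content_disposition("report.pdf")  # clean value passes through
  begin
    # Constructed sample: a folded value whose line break was not removed.
    content_disposition("report\r\n .pdf")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```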