Inefficient Regular Expression Complexity
There is a denial of service vulnerability in the "Content-Disposition" parsing component of Rack versions 2.0.x prior to 126.96.36.199, 2.1.x prior to 188.8.131.52, 2.2.x prior to 184.108.40.206, and 3.0.0.x prior to 220.127.116.11. An attacker could craft an input that causes "Content-Disposition" header parsing in Rack to take an unexpected amount of time, possibly resulting in a Denial of Service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.