Summary
Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first.
In deployments where an upstream proxy, WAF, or intermediary interprets the first boundary parameter, this mismatch can allow an attacker to smuggle multipart content past upstream inspection and have Rack parse a different body structure than the intermediary validated.
Details
Rack identifies the multipart boundary using logic equivalent to:
MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
Because the expression is greedy, it matches the last boundary= parameter in a header such as:
Content-Type: multipart/form-data; boundary=safe; boundary=malicious
As a result, Rack parses the request body using malicious, while another component may interpret the same header using safe.
This creates an interpretation conflict. If an upstream WAF or proxy inspects multipart parts using the first boundary and Rack later parses the body using the last boundary, a client may be able to place malicious form fields or uploaded content in parts that Rack accepts but the upstream component did not inspect as intended.
This issue is most relevant in layered deployments where security decisions are made before the request reaches Rack.
Impact
Applications that accept multipart/form-data uploads behind an inspecting proxy or WAF may be affected.
In such deployments, an attacker may be able to bypass upstream filtering of uploaded files or form fields by sending a request with multiple boundary parameters and relying on the intermediary and Rack to parse the request differently.
The practical impact depends on deployment architecture. If no upstream component relies on a different multipart interpretation, this behavior may not provide meaningful additional attacker capability.
Mitigation
- Update to a patched version of Rack that rejects ambiguous multipart
Content-Type headers or parses duplicate boundary parameters consistently.
- Reject requests containing multiple
boundary parameters.
- Normalize or regenerate multipart metadata at the trusted edge before forwarding requests to Rack.
- Avoid relying on upstream inspection of malformed multipart requests unless duplicate parameter handling is explicitly consistent across components.
References
CodeByMoriarty Reporter
jeremyevans Remediation developer
ioquatix Coordinator
Summary
Rack::Multipart::Parserextracts theboundaryparameter frommultipart/form-datausing a greedy regular expression. When aContent-Typeheader contains multipleboundaryparameters, Rack selects the last one rather than the first.In deployments where an upstream proxy, WAF, or intermediary interprets the first
boundaryparameter, this mismatch can allow an attacker to smuggle multipart content past upstream inspection and have Rack parse a different body structure than the intermediary validated.Details
Rack identifies the multipart boundary using logic equivalent to:
Because the expression is greedy, it matches the last
boundary=parameter in a header such as:Content-Type: multipart/form-data; boundary=safe; boundary=maliciousAs a result, Rack parses the request body using
malicious, while another component may interpret the same header usingsafe.This creates an interpretation conflict. If an upstream WAF or proxy inspects multipart parts using the first boundary and Rack later parses the body using the last boundary, a client may be able to place malicious form fields or uploaded content in parts that Rack accepts but the upstream component did not inspect as intended.
This issue is most relevant in layered deployments where security decisions are made before the request reaches Rack.
Impact
Applications that accept
multipart/form-datauploads behind an inspecting proxy or WAF may be affected.In such deployments, an attacker may be able to bypass upstream filtering of uploaded files or form fields by sending a request with multiple
boundaryparameters and relying on the intermediary and Rack to parse the request differently.The practical impact depends on deployment architecture. If no upstream component relies on a different multipart interpretation, this behavior may not provide meaningful additional attacker capability.
Mitigation
Content-Typeheaders or parses duplicateboundaryparameters consistently.boundaryparameters.References