ruby3.2-rack-2.2
2.2.8.1-r0
CVSS V3: 5.3
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
The regexp Rack uses to split the content-type header is subject to ReDoS: a header with 50K blank characters as a prefix takes over 10s to split.
It is triggered by a simple HTTP request with a long run of blank characters in the content-type header.
It is a very easy ReDoS to craft. As with any ReDoS, the impact is limited to denial of service (CPU time burned per request), so its severity is debatable.
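The following is an added example, not Rack's code and not part of this advisory. It shows a minimal content-type splitter in the vulnerable shape beside a hardened one, plus a timing helper for the blank-prefix input the advisory describes. The `\s*[;,]\s*` pattern is assumed to be the pre-2.2.8.1 `Rack::MediaType` split pattern, and the hardened variant mirrors the shape of the fix (split on the bare delimiter, then strip); check both against the pinned version before relying on them. Absolute timings depend on the Ruby regex engine in use.

```ruby
# Added example: vulnerable vs hardened content-type splitting.
# Not Rack's code; patterns are reconstructed from Rack::MediaType (assumption).
require 'benchmark'

# Assumed pre-2.2.8.1 pattern. With a long run of blanks and no ';' or ','
# after them, the engine starts a match at every offset, greedily eats all
# remaining blanks with \s*, fails on [;,], then backtracks one blank at a
# time: O(n) work per offset, O(n^2) overall.
VULNERABLE_SPLIT = %r{\s*[;,]\s*}

# Hardened pattern: a plain delimiter scan is linear; whitespace is stripped
# from each piece afterwards instead of being matched by the regexp.
HARDENED_SPLIT = %r{[;,]}

# Media type (type/subtype) using the vulnerable pattern.
def media_type_vulnerable(content_type)
  return nil unless content_type

  content_type.split(VULNERABLE_SPLIT, 2).first&.downcase
end

# Media type using the hardened pattern, with explicit strip.
def media_type_hardened(content_type)
  return nil unless content_type

  type = content_type.split(HARDENED_SPLIT, 2).first
  return nil unless type

  type.strip.downcase
end

# Media type parameters as a Hash, e.g. { 'charset' => 'utf-8' }.
def params_hardened(content_type)
  return {} if content_type.nil?

  content_type.split(HARDENED_SPLIT).drop(1).to_h do |piece|
    key, value = piece.strip.split('=', 2)
    [key.downcase, value.to_s.delete_prefix('"').delete_suffix('"')]
  end
end

# Seconds taken to split a header made of `prefix_len` blanks followed by a
# plain media type (constructed input, no delimiter present).
def time_split(pattern, prefix_len)
  header = (' ' * prefix_len) + 'text/plain'
  Benchmark.realtime { header.split(pattern, 2) }
end

if __FILE__ == $PROGRAM_NAME
  # Quadratic growth is visible well below the advisory's 50K figure.
  [5_000, 10_000, 20_000].each do |n|
    printf("%6d blanks: vulnerable %.3fs  hardened %.5fs\n", n,
           time_split(VULNERABLE_SPLIT, n), time_split(HARDENED_SPLIT, n))
  end
end
```

Doubling the prefix should roughly quadruple the vulnerable timing while the hardened split stays flat; pass 50_000 to `time_split(VULNERABLE_SPLIT, ...)` to reproduce the advisory's multi-second case.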