Applications using Werkzeug to parse multipart/form-data
requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size
setting.
The Request.max_content_length
setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.