When parsing large multipart/form-data, an attacker can cause a HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0172" }
{ "imports": [ { "path": "mime/multipart", "symbols": [ "Reader.readForm" ] } ] }