FastAPI

MultipartParser DOS via excessive multipart parts causes OOM

critical
security
Updated Feb 14, 2023
How to detect:

MultipartParser in Starlette versions before 0.25.0 accepts unlimited multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an OOM process kill. This can be triggered by sending many small form fields with no content or many empty files. Affects applications that call request.form() directly or via frameworks like FastAPI using form field or UploadFile parameters.

Recommended action:

Upgrade Starlette to version 0.25.0 or higher (or FastAPI to 0.92.0 or higher). If custom limits are needed, configure request.form() parameters: max_fields and max_files (default 1000 each). Workaround for older versions: remove python-multipart dependency if not needed, avoid form fields, or replace request.form() calls with request.stream() and parse form data internally.
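The workaround in the last sentence (read `request.stream()` and parse the form yourself) only helps if the hand-written parser enforces the same part limit that Starlette 0.25.0 added. The following is an added example, not Starlette's, FastAPI's or python-multipart's code: a stdlib-only counter that walks a streamed `multipart/form-data` body, classifies each part as a field or a file from its `Content-Disposition` header, and aborts as soon as `max_fields` or `max_files` is exceeded, without ever retaining part bodies. The names `TooManyParts`, `count_parts`, `screen_multipart`, `build_multipart` and `chunked` are hypothetical, and `build_multipart` constructs the test bodies (many empty fields or files, the shape the advisory describes) rather than capturing real traffic.

```python
"""Bounded multipart part counting over a streamed body.

Added example, not Starlette's or FastAPI's code: a stdlib-only screen that
counts form fields and files as the body streams in and aborts as soon as a
limit is exceeded, so an attacker-chosen part count is never buffered.
All names in this file are hypothetical.
"""
from typing import Iterable, Iterator, Tuple

MAX_HEADER_BYTES = 8192  # one part's header block must fit in this much


class TooManyParts(Exception):
    """Raised the moment the field or file count passes its limit."""

    def __init__(self, reason: str, fields: int, files: int) -> None:
        super().__init__(reason)
        self.fields, self.files = fields, files


def build_multipart(fields: int, files: int, boundary: str) -> bytes:
    """Construct a multipart/form-data body of empty fields and empty files.

    Constructed test input shaped like the advisory's trigger (many parts,
    no content); it is not a captured request.
    """
    parts = []
    for i in range(fields):
        parts.append(
            f'--{boundary}\r\nContent-Disposition: form-data; name="f{i}"\r\n\r\n\r\n'.encode()
        )
    for i in range(files):
        parts.append(
            f'--{boundary}\r\nContent-Disposition: form-data; name="u{i}"; '
            f'filename="e{i}"\r\nContent-Type: application/octet-stream\r\n\r\n\r\n'.encode()
        )
    return b"".join(parts) + f"--{boundary}--\r\n".encode()


def chunked(body: bytes, size: int) -> Iterator[bytes]:
    """Yield the body in fixed-size chunks, standing in for request.stream()."""
    for i in range(0, len(body), size):
        yield body[i : i + size]


def count_parts(
    stream: Iterable[bytes], boundary: str, max_fields: int = 1000, max_files: int = 1000
) -> Tuple[int, int]:
    """Count (fields, files) in a streamed multipart body, failing fast.

    Only a part's header block (bounded by MAX_HEADER_BYTES) or a short
    delimiter tail is ever held in memory; part bodies are discarded as they
    stream past, so memory does not grow with the number or size of parts.
    """
    delim = b"\r\n--" + boundary.encode()
    buf = b"\r\n"  # the first delimiter lacks a preceding CRLF; normalise it
    fields = files = 0
    state = "DELIM"  # DELIM: scanning for a boundary line; HEAD: reading part headers
    for chunk in stream:
        buf += chunk
        while True:
            if state == "DELIM":
                i = buf.find(delim)
                if i < 0:
                    buf = buf[-(len(delim) - 1):]  # keep a tail for a split delimiter
                    break
                marker = buf[i + len(delim): i + len(delim) + 2]
                if len(marker) < 2:
                    buf = buf[i:]  # need more bytes to tell "\r\n" from "--"
                    break
                if marker == b"--":
                    return fields, files  # closing delimiter: body complete
                if marker != b"\r\n":
                    raise ValueError("malformed boundary line")
                buf = buf[i + len(delim) + 2:]
                state = "HEAD"
            if state == "HEAD":
                j = buf.find(b"\r\n\r\n")
                if j < 0:
                    if len(buf) > MAX_HEADER_BYTES:
                        raise ValueError("part header block too large")
                    break
                headers = buf[:j].lower()
                # Same split the page's limits make: a part carrying filename=
                # counts against max_files, everything else against max_fields.
                if b"filename=" in headers:
                    files += 1
                    if files > max_files:
                        raise TooManyParts(f"more than {max_files} files", fields, files)
                else:
                    fields += 1
                    if fields > max_fields:
                        raise TooManyParts(f"more than {max_fields} fields", fields, files)
                buf = buf[j + 4:]
                state = "DELIM"
    raise ValueError("truncated multipart body: no closing delimiter")


def screen_multipart(
    stream: Iterable[bytes], boundary: str, max_fields: int = 1000, max_files: int = 1000
) -> dict:
    """Turn the counter's outcome into a decision a handler can act on."""
    try:
        fields, files = count_parts(stream, boundary, max_fields, max_files)
    except TooManyParts as exc:
        return {"accepted": False, "reason": str(exc), "fields": exc.fields, "files": exc.files}
    except ValueError as exc:
        return {"accepted": False, "reason": str(exc), "fields": 0, "files": 0}
    return {"accepted": True, "reason": "", "fields": fields, "files": files}


if __name__ == "__main__":
    B = "boundary123"
    print(screen_multipart(chunked(build_multipart(5, 2, B), 7), B, max_fields=10, max_files=10))
    print(screen_multipart(chunked(build_multipart(5000, 0, B), 4096), B, max_fields=100))
```

On Starlette 0.25.0 or later the same bound is available directly as `await request.form(max_fields=..., max_files=...)`, which is the preferred fix; the counter above is only for code that cannot upgrade and must read the stream itself, and a real handler would parse the bodies of the parts it keeps in the same pass rather than re-reading the request.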