Unbounded memory allocation from multipart form data without filename causes OOM
Severity: critical. Weakness: Resource Contention. Updated Nov 21, 2024 (via Exa).
How to detect:
Starlette versions prior to 0.40.0 buffer multipart/form-data parts that carry no filename attribute in memory with no size limit. An attacker can submit arbitrarily large form fields, causing excessive memory allocation, memory exhaustion, server swapping, and OOM termination of the process. Multiple parallel requests amplify the impact.
Recommended action:
Upgrade Starlette to version 0.40.0 or later immediately. Do not rely solely on reverse-proxy request size limits, because parallel requests can bypass them. Monitor memory usage and OOM events in logs. If an upgrade is not immediately possible, implement application-level request size limits or temporarily disable multipart/form-data endpoints.
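One way to apply the application-level request size limit recommended above, as an added example that is not Starlette's own code: a pure-ASGI middleware (the `BodySizeLimitMiddleware`, `reject`, `buffering_app` and `run_request` names are this example's own) that counts body bytes as the application pulls them and answers 413 once the cap is passed, so an oversized non-file field is refused before any multipart parser downstream can buffer it. It assumes the wrapped handler finishes reading the body before it starts a response, which holds for form parsing.

```python
import asyncio

class BodyTooLarge(Exception):
    pass

class BodySizeLimitMiddleware:
    # Pure-ASGI middleware (added example, not Starlette's own code) that caps the total
    # request body, so an oversized form field is refused before any multipart parser buffers it.
    def __init__(self, app, max_body_bytes=1_000_000):
        self.app, self.max_body_bytes = app, max_body_bytes
    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":  # lifespan/websocket scopes pass straight through
            return await self.app(scope, receive, send)
        declared = dict(scope.get("headers", [])).get(b"content-length", b"")
        if declared.isdigit() and int(declared) > self.max_body_bytes:
            return await reject(send)  # cheap refusal when the client declares an honest size
        received = 0
        async def limited_receive():  # count bytes as the app pulls them, chunk by chunk
            nonlocal received
            message = await receive()
            received += len(message.get("body", b""))  # http.disconnect carries no body
            if received > self.max_body_bytes:  # chunked upload or a lying Content-Length
                raise BodyTooLarge(received)
            return message
        try:
            await self.app(scope, limited_receive, send)
        except BodyTooLarge:  # assumes the app reads the body before it starts responding
            await reject(send)

async def reject(send):
    await send({"type": "http.response.start", "status": 413, "headers": []})
    await send({"type": "http.response.body", "body": b"Payload Too Large"})

async def buffering_app(scope, receive, send):
    # Constructed stand-in for a handler that reads the whole form into memory.
    body, more = b"", True
    while more:
        message = await receive()
        body, more = body + message.get("body", b""), message.get("more_body", False)
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": str(len(body)).encode()})

def run_request(chunks, max_body_bytes, content_length=None):  # returns the HTTP status code
    headers = [] if content_length is None else [(b"content-length", str(content_length).encode())]
    queue = [{"type": "http.request", "body": c, "more_body": i < len(chunks) - 1} for i, c in enumerate(chunks)]
    sent = []
    async def receive(): return queue.pop(0)
    async def send(message): sent.append(message)
    asyncio.run(BodySizeLimitMiddleware(buffering_app, max_body_bytes)({"type": "http", "headers": headers}, receive, send))
    return sent[0]["status"]
```

The byte count is enforced per request, so the cap must be chosen together with a concurrency limit at the server or proxy; the page's warning about parallel requests still applies.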