High Severity

fastapi

ReDoS Vulnerability in Form Data Parsing

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in FastAPI version 0.109.0, specifically when parsing Form data. The issue, which causes the server to lock up and a CPU core to reach 100% usage, was patched in version 0.109.1.

Available publicly on Mar 15 2024

CVSS score: 7.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit:

byt3bl33d3r

Threat Overview

The vulnerability arises from the way FastAPI handles the parsing of Form data when a specially crafted Content-Type header is sent in a POST request. This header triggers a ReDoS condition, leading to uncontrolled resource consumption. The issue is specific to FastAPI's handling of Form data and does not affect JSON parsing endpoints. An attacker exploiting this vulnerability can cause a Denial of Service (DoS) by sending multiple malicious requests, effectively rendering the FastAPI server unresponsive.

Attack Scenario

An attacker crafts a malicious POST request with a Content-Type header designed to exploit the ReDoS vulnerability in FastAPI's Form data parsing. By sending this request to an endpoint that processes Form data, the attacker can cause the server to consume excessive resources, leading to a DoS condition. If the server is configured with multiple workers, sending a number of malicious requests equal to the number of workers plus one can completely incapacitate the FastAPI server.

Who is affected

Any application using FastAPI version 0.109.0 for processing Form data is vulnerable to this ReDoS attack. Applications that only process JSON data are not affected by this vulnerability.
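A small dependency audit for this advisory, added here as an example and not code from the advisory or the FastAPI project. It flags only the release the advisory names as affected (0.109.0) in pinned requirements lines and in the running interpreter; the requirements lines are constructed samples.

```python
"""Audit helper for the FastAPI 0.109.0 form-parsing ReDoS advisory.

Added example, not advisory or FastAPI project code. It flags exactly the
version the advisory names as affected (0.109.0) and treats 0.109.1 as fixed.
"""
import re
from importlib import metadata

AFFECTED = (0, 109, 0)   # version the advisory names as vulnerable
FIXED = (0, 109, 1)      # version the advisory names as patched

# Matches pinned lines such as "fastapi==0.109.0" or "fastapi[all]==0.109.0";
# commented-out lines and unpinned specifiers are deliberately not matched.
_REQ_RE = re.compile(r"^\s*fastapi(\[[^\]]*\])?\s*==\s*([0-9][0-9.]*)", re.I)


def parse_version(text: str) -> tuple:
    """'0.109.0' -> (0, 109, 0); tolerates suffixes such as '0.109.0rc1'."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])


def is_affected(version: str) -> bool:
    """True only for the release the advisory lists as affected."""
    return parse_version(version) == AFFECTED


def audit_requirements(lines):
    """Return the pinned fastapi versions in requirements lines that are affected."""
    hits = []
    for line in lines:
        m = _REQ_RE.match(line)
        if m and is_affected(m.group(2)):
            hits.append(m.group(2))
    return hits


def audit_installed():
    """Check the interpreter's installed fastapi; None when it is not installed."""
    try:
        version = metadata.version("fastapi")
    except metadata.PackageNotFoundError:
        return None
    return is_affected(version)


# Constructed sample requirements: only the first pin is the affected release.
SAMPLE_REQUIREMENTS = [
    "fastapi[all]==0.109.0",
    "fastapi==0.109.1",
    "starlette==0.35.1",
    "# fastapi==0.109.0  (commented-out pin, ignored)",
]

if __name__ == "__main__":
    print("affected pins:", audit_requirements(SAMPLE_REQUIREMENTS))
    print("installed fastapi affected:", audit_installed())
```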
