Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-38wr-vpc7-2mp4 | dd-trace-dotnet: Improper parsing of W3C baggage headers may lead to DoS |
Fri, 17 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES on extraction, allowing a remote unauthenticated attacker to send a baggage header with many comma-separated key-value pairs or one very large value and cause unbounded CPU and memory consumption in services with baggage propagation enabled. This issue is fixed in version 3.43.0. | |
| Title | Datadog .NET Tracer: Improper parsing of W3C baggage headers may lead to DoS | |
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-17T19:46:45.397Z
Reserved: 2026-06-04T16:26:05.984Z
Link: CVE-2026-50273
Updated: 2026-07-17T19:46:39.733Z
No data.
No data.
OpenCVE Enrichment
No data.
Github GHSA