CVE-2026-50273 in dd-trace-dotnetinfo

Zusammenfassung

von MITRE • 17.07.2026

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES on extraction, allowing a remote unauthenticated attacker to send a baggage header with many comma-separated key-value pairs or one very large value and cause unbounded CPU and memory consumption in services with baggage propagation enabled. This issue is fixed in version 3.43.0.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

GitHub M

Reservieren

04.06.2026

Veröffentlichung

17.07.2026

Moderieren

akzeptiert

Eintrag

VDB-379900

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

low

Quellen

Do you know our Splunk app?

Download it now for free!