Lucene search
+L

149 matches found

CVE
CVE
added yesterday11 views

CVE-2026-50271

CVE-2026-50271 affects the Datadog dd-trace-py Python APM client (prior to 4.8.2). The issue is improper parsing of W3C baggage headers, failing to enforce DD_TRACE_BAGGAGE_MAX_ITEMS/MAX_BYTES on the extract path. A remote, unauthenticated attacker can send baggage headers with an arbitrarily lar...

7.5CVSS5.4AI score0.00106EPSS
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2026-50274

Datadog dd-trace-go (Go client library for Datadog APM/ profiling/ security monitoring) is affected prior to version 2.8.1 due to improper enforcement of DD_TRACE_BAGGAGE_MAX_ITEMS/MAX_BYTES on the baggage header extract path. A remote, unauthenticated attacker can send HTTP requests with an exce...

7.5CVSS5.4AI score0.00106EPSS
Exploits0References4
CVE
CVE
added yesterday14 views

CVE-2026-50272

CVE-2026-50272 affects dd-trace for Node.js (pre-5.100.0). The issue occurs in W3C baggage propagation: baggage headers are parsed without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES during extraction in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing...

7.5CVSS5.5AI score0.00106EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday17 views

CVE-2026-50272 dd-trace: Improper parsing of W3C baggage headers may lead to DoS

dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/textmap.js parsed incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on...

7.5CVSS0.00106EPSS
Exploits0References4
CVE
CVE
added yesterday13 views

CVE-2026-48504

OpenTelemetry Rust (CVE-2026-48504) concerns BaggagePropagator::extract_with_context in opentelemetry_sdk. In 0.32.0 and earlier, it did not enforce W3C Baggage size limits before parsing an inbound baggage header, allowing an attacker-controlled header to trigger unnecessary CPU work and short-l...

5.3CVSS5.2AI score0.00096EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday14 views

CVE-2026-48504 OpenTelemetry Rust: Unbounded memory allocation in W3C Baggage propagation

OpenTelemetry Rust is the Rust OpenTelemetry implementation. In 0.32.0 and earlier, BaggagePropagator::extractwithcontext in opentelemetrysdk did not enforce W3C Baggage size limits before parsing an inbound baggage header, so a large attacker-controlled header could cause unnecessary CPU work an...

5.3CVSS0.00096EPSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-50273

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS0.00106EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-50273 Datadog .NET Tracer: Improper parsing of W3C baggage headers may lead to DoS

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS5.4AI score0.00106EPSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-45243

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS5.5AI score0.00106EPSS
Exploits0References4
CVE
CVE
added yesterday11 views

CVE-2026-50273

Datadog .NET Tracer (dd-trace-dotnet) is affected prior to version 3.43.0 by CVE-2026-50273 due to improper parsing of W3C baggage headers. The extraction path does not enforce DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES, allowing a remote unauthenticated attacker to send a header wi...

7.5CVSS5.4AI score0.00106EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday24 views

CVE-2026-50273 Datadog .NET Tracer: Improper parsing of W3C baggage headers may lead to DoS

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS0.00106EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 3 days ago14 views

dd-trace-rb: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

6.1AI score0.00106EPSS
Exploits0References2Affected Software1
OSV
OSV
added 3 days ago4 views

GHSA-P5F6-RCCC-JV98 dd-trace-rb: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago12 views

dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2Affected Software2
OSV
OSV
added 3 days ago4 views

GHSA-74J5-XF3V-CRQ8 dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago10 views

dd-trace-dotnet: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2Affected Software2
OSV
OSV
added 3 days ago4 views

GHSA-38WR-VPC7-2MP4 dd-trace-dotnet: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago11 views

dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2Affected Software1
OSV
OSV
added 3 days ago4 views

GHSA-WXQQ-GCQ8-C443 dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
Patchstack
Patchstack
added 3 days ago11 views

NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS

NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS vulnerability discovered by ? in WordPress Npm dd-trace versions 5.100.0...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder