Product
The Datadog `dd-trace-js` library, specifically versions older than 5.100.0, is vulnerable to a Denial of Service (DoS) attack where improper parsing of W3C baggage HTTP headers allows a remote, unauthenticated attacker to send requests with an arbitrarily large number of comma-separated key-value pairs, leading to unbounded CPU and memory consumption and enabling a remote DoS against any HTTP service instrumented with the affected library where baggage propagation is enabled.