Product
The Datadog dd-trace-py tracing library, versions prior to 4.8.2, is vulnerable to a Denial of Service (DoS) attack due to improper parsing of W3C baggage HTTP headers, which fails to enforce item-count or byte-size limits on the extraction path, allowing an unauthenticated attacker to send a request with an arbitrarily large baggage header causing unbounded CPU and memory consumption.