Unknown · Opentelemetry Dotnet · CVE-2025-27513
**Name of the Vulnerable Software and Affected Versions**
OpenTelemetry.Api versions 1.10.0 through 1.11.1
**Description**
A vulnerability in OpenTelemetry.Api could cause a Denial of Service (DoS) when `tracestate` and `traceparent` headers are received. This issue impacts any web-accessible application or backend service that processes HTTP requests containing a `tracestate` header. Affected applications may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime.
**Recommendations**
To resolve the issue, upgrade to OpenTelemetry.Api version 1.11.2 by running the command `dotnet add package OpenTelemetry --version 1.11.2`.
For OpenTelemetry .NET Automatic Instrumentation, upgrade to version 1.11.0.
As a temporary workaround, consider restricting access to the vulnerable `OpenTelemetry.Api` package until a patch is available.
Avoid using the `tracestate` and `traceparent` headers in HTTP requests until the issue is resolved.
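
To find projects that resolve an affected version, including as a transitive dependency, the following added example (not part of the advisory or the OpenTelemetry project) reads the JSON printed by `dotnet list package --include-transitive --format json` and classifies each `OpenTelemetry.Api` entry against the 1.10.0 through 1.11.1 range. The sample report is constructed, and the field names assume the JSON layout of recent .NET SDKs.

```python
import json
import re

PACKAGE = "opentelemetry.api"  # NuGet package IDs are case-insensitive
FIRST_AFFECTED, LAST_AFFECTED = (1, 10, 0), (1, 11, 1)  # range stated in the advisory
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$")


def classify(version):
    """Return 'affected', 'not-affected' or 'review' for one resolved version."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "review"  # unusual version string: check by hand
    core = tuple(int(p) for p in m.group(1, 2, 3))
    if not FIRST_AFFECTED <= core <= LAST_AFFECTED:
        return "not-affected"
    # The advisory lists release versions only; pre-releases inside the
    # range are flagged for manual review rather than guessed at.
    return "review" if m.group(4) else "affected"


def find_affected(report_json):
    """Return (project, framework, kind, version, verdict) per OpenTelemetry.Api entry."""
    findings = []
    for project in json.loads(report_json).get("projects", []):
        for fw in project.get("frameworks") or []:
            for kind in ("topLevelPackages", "transitivePackages"):
                for pkg in fw.get(kind) or []:
                    if pkg.get("id", "").lower() != PACKAGE:
                        continue
                    version = pkg.get("resolvedVersion", "")
                    findings.append((project.get("path"), fw.get("framework"),
                                     kind, version, classify(version)))
    return findings


# Constructed sample report (not output from a real project).
SAMPLE = json.dumps({"version": 1, "projects": [
    {"path": "src/Web/Web.csproj", "frameworks": [{"framework": "net8.0",
        "topLevelPackages": [{"id": "OpenTelemetry", "resolvedVersion": "1.11.1"}],
        "transitivePackages": [{"id": "OpenTelemetry.Api", "resolvedVersion": "1.11.1"}]}]},
    {"path": "src/Worker/Worker.csproj", "frameworks": [{"framework": "net8.0",
        "topLevelPackages": [{"id": "OpenTelemetry.Api", "resolvedVersion": "1.11.2"}]}]},
]})

if __name__ == "__main__":
    for finding in find_affected(SAMPLE):
        print(*finding, sep="\t")
```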