OpenTelemetry instrumentations rely on Propagators to parse incoming headers and extract Context (TraceContext, Baggage). Opening an issue to make sure these paths are sufficiently covered by tests.

Otel .NET published this advisory earlier today, where malformed tracestate header could be used by a bad actor and cause service to go down.
GHSA-8785-wc3w-h8q6