CVE-2023-29453 Agent 2 package are built with Go version affected by CVE-2023-24538

🗓️ 12 Oct 2023 05:50:19Reported by ZabbixType

CVE-2023-29453 Agent 2 package built with Go version affected by CVE-2023-24538. Template security issue fixed in Go 1.21 releas

Reporter	Title	Published	Views	Family All 19
AstraLinux	Astra Linux – Vulnerability in Zabbix	3 May 202623:59	–	astralinux
BDU FSTEC	The vulnerability of the agent of the Zabbix monitoring system allows a intruder to execute arbitrary code.	29 Nov 202300:00	–	bdu_fstec
CNNVD	Zabbix Code Injection Vulnerability	12 Oct 202300:00	–	cnnvd
CVE	CVE-2023-29453	12 Oct 202305:50	–	cve
Debian CVE	CVE-2023-29453	12 Oct 202305:50	–	debiancve
EUVD	EUVD-2023-33022	3 Oct 202520:07	–	euvd
NVD	CVE-2023-29453	12 Oct 202306:15	–	nvd
OSV	DEBIAN-CVE-2023-29453	12 Oct 202306:15	–	osv
OSV	UBUNTU-CVE-2023-29453	12 Oct 202306:15	–	osv
Prion	Design/Logic Flaw	12 Oct 202306:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Agent2"
    ],
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "vendor": "Zabbix",
    "versions": [
      {
        "changes": [
          {
            "at": "5.0.35",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.0.34",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.0.18",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.0.17",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.4.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.4.2",
        "status": "affected",
        "version": "6.4.0",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
support	www.support.zabbix.com/browse/ZBX-23388

12 Oct 2023 05:50Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.0075

CWE-94

go cve-2023-29453 cve-2023-24538 template security javascript es6 safehtml