PT-2023-7219 · Zabbix+3

Maris Melnikovs · Published 2023-09-11 · Updated 2024-03-29 · CVE-2023-29453

CVSS v2.0: 10 (Critical) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21; Zabbix (affected versions not specified)
Description: The issue concerns the improper handling of backticks in JavaScript template literals within Go templates, which can allow the injection of arbitrary JavaScript code. Separately, the Zabbix universal monitoring system agent is affected by a vulnerability related to improper control of code generation, which could enable a remote attacker to execute arbitrary code.
Recommendations: For Go versions prior to 1.21, the GODEBUG setting jstmpllitinterp=1 can be used to re-enable the previous behaviour, but note that backticks will then be escaped; use it with caution. For Zabbix, no information about a fixed release is available at the time of writing.
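As an added example (not from the advisory, nor from the Go or Zabbix projects), the following Go program gives a defender two checks for the pattern the description refers to: a source-level scan for {{...}} actions placed between backticks inside <script> blocks of html/template sources, and a runtime probe that shows whether the installed Go toolchain rejects such an action or renders it with the backticks in the data escaped. The sample template string and the function names are constructed for this example.

```go
package main

import (
	"bytes"
	"html/template"
	"regexp"
	"strings"
)

// Constructed sample: an action inside an ECMAScript template literal in a <script> block.
const SampleTmpl = "<script>const greet = `Hello {{.Name}}`;</script>"
var scriptBlock = regexp.MustCompile(`(?is)<script[^>]*>(.*?)</script>`) // body of each <script>

// FindActionsInJSTemplateLiterals lists every {{...}} action found between backticks
// inside <script> content. Audit heuristic: tracks only backticks and backslash escapes.
func FindActionsInJSTemplateLiterals(src string) []string {
	var hits []string
	for _, m := range scriptBlock.FindAllStringSubmatch(src, -1) {
		js, inLit := m[1], false
		for i := 0; i < len(js); i++ {
			switch {
			case js[i] == '\\':
				i++ // skip the escaped character
			case js[i] == '`':
				inLit = !inLit
			case inLit && strings.HasPrefix(js[i:], "{{"):
				end := strings.Index(js[i:], "}}")
				if end < 0 {
					return hits // unterminated action
				}
				hits = append(hits, js[i:i+end+2])
				i += end + 1
			}
		}
	}
	return hits
}

// ProbeRuntime parses and executes src with html/template. The escaper runs on first Execute,
// so a rejection surfaces there; otherwise the output shows how this toolchain escaped the data.
func ProbeRuntime(src string, data any) (string, error) {
	t, err := template.New("probe").Parse(src)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}
```

Run the probe with and without GODEBUG=jstmpllitinterp=1 to see the two behaviours the recommendation describes on your own toolchain.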

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2023-08247
CVE-2023-29453

Affected Products

Astra Linux
Debian
Red Os
Zabbix