Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cdyd-79m9-pyhv
SummaryTemplates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.
Aliases
0
alias CVE-2023-29453
Fixed_packages
0
url pkg:deb/debian/zabbix@1:6.0.23%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:6.0.23%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.23%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
2
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1~deb13u1%3Fdistro=trixie
3
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1
purl pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-172p-q6d5-9ya3
1
vulnerability VCID-18fv-tqjq-p3ce
2
vulnerability VCID-1xr6-n296-cyfd
3
vulnerability VCID-2hd4-rbph-5qd8
4
vulnerability VCID-3g1d-2tvh-akh4
5
vulnerability VCID-3qru-uxsd-e3c8
6
vulnerability VCID-464s-8ex9-kqdz
7
vulnerability VCID-4s92-5es4-yka5
8
vulnerability VCID-4uxg-fxv7-rua8
9
vulnerability VCID-547a-p94b-6fep
10
vulnerability VCID-5nmy-hdh8-xbg1
11
vulnerability VCID-5s7j-6aea-qucr
12
vulnerability VCID-673b-qsd3-e3hz
13
vulnerability VCID-69kr-fmzb-nbdr
14
vulnerability VCID-6u3x-x7qt-g3fa
15
vulnerability VCID-7bzf-3c9x-8qc4
16
vulnerability VCID-7f3g-hebk-3qad
17
vulnerability VCID-7yp1-231f-a3eq
18
vulnerability VCID-8cpy-mqfn-y3f9
19
vulnerability VCID-9aju-xvg1-n7e5
20
vulnerability VCID-9z8h-gg7t-b7f8
21
vulnerability VCID-aetr-jrab-6fg5
22
vulnerability VCID-b8tm-2187-wkhz
23
vulnerability VCID-batr-txtv-s3cf
24
vulnerability VCID-cdyd-79m9-pyhv
25
vulnerability VCID-cuqx-wxkd-nffa
26
vulnerability VCID-d7uk-h423-77f5
27
vulnerability VCID-dej6-dxbp-a3bt
28
vulnerability VCID-ftt2-5jnt-9ye2
29
vulnerability VCID-fxqr-51kp-3ber
30
vulnerability VCID-gbn9-b2t2-5fbs
31
vulnerability VCID-gp3f-yz9h-eqax
32
vulnerability VCID-kx3g-p2zj-duaj
33
vulnerability VCID-mggj-rvdd-eqc6
34
vulnerability VCID-mhx5-hcg2-wfc4
35
vulnerability VCID-nrkb-pzcu-8ueg
36
vulnerability VCID-psak-h1x6-1kca
37
vulnerability VCID-qhxc-w75p-kqaj
38
vulnerability VCID-qzp5-px2f-vqc8
39
vulnerability VCID-qzzk-mcfu-sfhv
40
vulnerability VCID-r65p-6wkq-sfb9
41
vulnerability VCID-r8yr-aet5-yydn
42
vulnerability VCID-s1mb-1gsj-pbed
43
vulnerability VCID-uh37-bv9z-1bdz
44
vulnerability VCID-uu3f-3rbn-9fad
45
vulnerability VCID-uxdf-6tyd-rucd
46
vulnerability VCID-wczj-cv1m-7qce
47
vulnerability VCID-wfae-uyd7-ybc3
48
vulnerability VCID-zc7p-7yts-5yae
49
vulnerability VCID-zrfp-skzu-cbet
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:5.0.8%252Bdfsg-1
1
url pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5nmy-hdh8-xbg1
1
vulnerability VCID-cdyd-79m9-pyhv
2
vulnerability VCID-dej6-dxbp-a3bt
3
vulnerability VCID-fxqr-51kp-3ber
4
vulnerability VCID-qzp5-px2f-vqc8
5
vulnerability VCID-qzzk-mcfu-sfhv
6
vulnerability VCID-r8yr-aet5-yydn
7
vulnerability VCID-s1mb-1gsj-pbed
8
vulnerability VCID-uh37-bv9z-1bdz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:5.0.8%252Bdfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1
purl pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-172p-q6d5-9ya3
1
vulnerability VCID-1xr6-n296-cyfd
2
vulnerability VCID-3g1d-2tvh-akh4
3
vulnerability VCID-3qru-uxsd-e3c8
4
vulnerability VCID-464s-8ex9-kqdz
5
vulnerability VCID-4s92-5es4-yka5
6
vulnerability VCID-4uxg-fxv7-rua8
7
vulnerability VCID-547a-p94b-6fep
8
vulnerability VCID-5nmy-hdh8-xbg1
9
vulnerability VCID-5s7j-6aea-qucr
10
vulnerability VCID-5t3e-bfve-d3he
11
vulnerability VCID-673b-qsd3-e3hz
12
vulnerability VCID-6u3x-x7qt-g3fa
13
vulnerability VCID-76qf-8jm4-8kct
14
vulnerability VCID-7bzf-3c9x-8qc4
15
vulnerability VCID-7f3g-hebk-3qad
16
vulnerability VCID-7yp1-231f-a3eq
17
vulnerability VCID-9jfn-6nvg-a3b6
18
vulnerability VCID-9z8h-gg7t-b7f8
19
vulnerability VCID-aetr-jrab-6fg5
20
vulnerability VCID-b8tm-2187-wkhz
21
vulnerability VCID-batr-txtv-s3cf
22
vulnerability VCID-cdyd-79m9-pyhv
23
vulnerability VCID-cuqx-wxkd-nffa
24
vulnerability VCID-d7uk-h423-77f5
25
vulnerability VCID-dej6-dxbp-a3bt
26
vulnerability VCID-ftt2-5jnt-9ye2
27
vulnerability VCID-fxqr-51kp-3ber
28
vulnerability VCID-gp3f-yz9h-eqax
29
vulnerability VCID-gyqk-zsww-ykdj
30
vulnerability VCID-kx3g-p2zj-duaj
31
vulnerability VCID-mhx5-hcg2-wfc4
32
vulnerability VCID-n5md-76wa-dbaa
33
vulnerability VCID-nrkb-pzcu-8ueg
34
vulnerability VCID-nyhx-57xy-wugc
35
vulnerability VCID-psak-h1x6-1kca
36
vulnerability VCID-qzp5-px2f-vqc8
37
vulnerability VCID-qzzk-mcfu-sfhv
38
vulnerability VCID-r65p-6wkq-sfb9
39
vulnerability VCID-r8yr-aet5-yydn
40
vulnerability VCID-ry8x-mjbp-qqct
41
vulnerability VCID-s1mb-1gsj-pbed
42
vulnerability VCID-sudd-unuw-wqa9
43
vulnerability VCID-uh37-bv9z-1bdz
44
vulnerability VCID-uxdf-6tyd-rucd
45
vulnerability VCID-vkfp-asar-7bhw
46
vulnerability VCID-wczj-cv1m-7qce
47
vulnerability VCID-zc7p-7yts-5yae
48
vulnerability VCID-zrfp-skzu-cbet
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1
3
url pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-172p-q6d5-9ya3
1
vulnerability VCID-1xr6-n296-cyfd
2
vulnerability VCID-3g1d-2tvh-akh4
3
vulnerability VCID-3qru-uxsd-e3c8
4
vulnerability VCID-464s-8ex9-kqdz
5
vulnerability VCID-4s92-5es4-yka5
6
vulnerability VCID-4uxg-fxv7-rua8
7
vulnerability VCID-547a-p94b-6fep
8
vulnerability VCID-5nmy-hdh8-xbg1
9
vulnerability VCID-5s7j-6aea-qucr
10
vulnerability VCID-5t3e-bfve-d3he
11
vulnerability VCID-673b-qsd3-e3hz
12
vulnerability VCID-6u3x-x7qt-g3fa
13
vulnerability VCID-76qf-8jm4-8kct
14
vulnerability VCID-7bzf-3c9x-8qc4
15
vulnerability VCID-7f3g-hebk-3qad
16
vulnerability VCID-7yp1-231f-a3eq
17
vulnerability VCID-9jfn-6nvg-a3b6
18
vulnerability VCID-9z8h-gg7t-b7f8
19
vulnerability VCID-aetr-jrab-6fg5
20
vulnerability VCID-b8tm-2187-wkhz
21
vulnerability VCID-batr-txtv-s3cf
22
vulnerability VCID-cdyd-79m9-pyhv
23
vulnerability VCID-cuqx-wxkd-nffa
24
vulnerability VCID-d7uk-h423-77f5
25
vulnerability VCID-dej6-dxbp-a3bt
26
vulnerability VCID-ftt2-5jnt-9ye2
27
vulnerability VCID-fxqr-51kp-3ber
28
vulnerability VCID-gp3f-yz9h-eqax
29
vulnerability VCID-gyqk-zsww-ykdj
30
vulnerability VCID-kx3g-p2zj-duaj
31
vulnerability VCID-mhx5-hcg2-wfc4
32
vulnerability VCID-n5md-76wa-dbaa
33
vulnerability VCID-nrkb-pzcu-8ueg
34
vulnerability VCID-nyhx-57xy-wugc
35
vulnerability VCID-psak-h1x6-1kca
36
vulnerability VCID-qzp5-px2f-vqc8
37
vulnerability VCID-qzzk-mcfu-sfhv
38
vulnerability VCID-r65p-6wkq-sfb9
39
vulnerability VCID-r8yr-aet5-yydn
40
vulnerability VCID-ry8x-mjbp-qqct
41
vulnerability VCID-s1mb-1gsj-pbed
42
vulnerability VCID-sudd-unuw-wqa9
43
vulnerability VCID-uh37-bv9z-1bdz
44
vulnerability VCID-uxdf-6tyd-rucd
45
vulnerability VCID-vkfp-asar-7bhw
46
vulnerability VCID-wczj-cv1m-7qce
47
vulnerability VCID-zc7p-7yts-5yae
48
vulnerability VCID-zrfp-skzu-cbet
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1%3Fdistro=trixie
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29453
reference_id
reference_type
scores
0
value 0.00559
scoring_system epss
scoring_elements 0.68277
published_at 2026-04-21T12:55:00Z
1
value 0.00559
scoring_system epss
scoring_elements 0.68297
published_at 2026-04-18T12:55:00Z
2
value 0.00559
scoring_system epss
scoring_elements 0.68207
published_at 2026-04-02T12:55:00Z
3
value 0.00559
scoring_system epss
scoring_elements 0.68225
published_at 2026-04-04T12:55:00Z
4
value 0.00559
scoring_system epss
scoring_elements 0.68201
published_at 2026-04-07T12:55:00Z
5
value 0.00559
scoring_system epss
scoring_elements 0.68252
published_at 2026-04-08T12:55:00Z
6
value 0.00559
scoring_system epss
scoring_elements 0.68267
published_at 2026-04-09T12:55:00Z
7
value 0.00559
scoring_system epss
scoring_elements 0.68293
published_at 2026-04-11T12:55:00Z
8
value 0.00559
scoring_system epss
scoring_elements 0.6828
published_at 2026-04-12T12:55:00Z
9
value 0.00559
scoring_system epss
scoring_elements 0.68246
published_at 2026-04-13T12:55:00Z
10
value 0.00559
scoring_system epss
scoring_elements 0.68286
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29453
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29453
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29453
2
reference_url https://support.zabbix.com/browse/ZBX-23388
reference_id ZBX-23388
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:17:42Z/
url https://support.zabbix.com/browse/ZBX-23388
Weaknesses
0
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Exploits
Severity_range_score9.8 - 9.8
Exploitability0.5
Weighted_severity4.9
Risk_score2.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cdyd-79m9-pyhv