Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
https://support.zabbix.com/browse/ZBXSEC-30
https://support.zabbix.com/browse/ZBX-17600
https://support.zabbix.com/browse/DEV-1538
https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html