Gloo Edge Enterprise

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.12.x Gloo Enterprise Release: 1.12.23

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.12.22

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.22 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.22 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.22 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.22 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.22 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.12.21

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.21 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.21 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.21 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.21 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.21 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.12.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.20 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.20 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.20 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.20 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.19 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.19 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.19 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.19 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.18 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.18 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.18 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.18 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.17 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.17 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.17 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.17 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.16 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.16 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.16 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.16 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.15 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.15 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.15 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.15 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.14 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.14 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.14 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.14 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.13 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.13 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.13 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.13 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.12 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.12 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.12 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.12 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.11 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.11 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.11 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.11 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.10 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.10 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.10 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.10 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.9 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.9 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.9 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.9 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.8 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.8 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.8 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.8 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.7 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.7 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.7 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.6 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.6 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.6 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.5 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.5 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.5 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.4 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.4 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.4 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.3 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.3 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.3 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.2 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.2 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.2 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.1 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.1 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.1 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.1 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.12.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.0 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.0 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.0 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.0 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220225172249-27dd8689420f 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Latest 1.11.x Gloo Enterprise Release: 1.11.43

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.42

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.42 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.42 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.42 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.42 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.42 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.11.41

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.41 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.41 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.41 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.41 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.41 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.11.40

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.40 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.40 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.40 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.40 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.40 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.39

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.39 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.39 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.39 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.39 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.39 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.38

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.38 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.38 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.38 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.38 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.38 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.37

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.37 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.37 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.37 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.37 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.37 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.36

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.36 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.36 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.36 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.36 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.36 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.35

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.35 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.35 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.42.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.35 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.35 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.35 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220127200216-cd36cc0744dd 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.34

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.34 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.34 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.34 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.34 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.34 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.33

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.33 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.33 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.33 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.33 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.33 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.32

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.32 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.32 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.32 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.32 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.32 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.31

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.31 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.31 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.31 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.31 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.31 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.31 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.31 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.30

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.30 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.30 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.30 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.30 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.30 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.30 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.30 (alpine 3.15.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.29

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.29 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.29 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.29 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.29 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.29 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.29 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.29 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220107192237-5cfca573fb4d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.28

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.28 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.28 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.28 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.28 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.28 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.28 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.28 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.27

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.27 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.27 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.27 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.27 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.27 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.27 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.27 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.26

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.26 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.26 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.26 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.26 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.26 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.26 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.26 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.25

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.25 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.25 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.25 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.25 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.25 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.25 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.25 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.24

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.24 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.24 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.24 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.24 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.24 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.24 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.24 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.23

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.23 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.23 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.23 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.23 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.23 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.23 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.23 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.22

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.22 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.22 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.22 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.22 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.22 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.22 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.22 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.22 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.22 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.21

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.21 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.21 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.21 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.21 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.21 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.21 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.21 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.21 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.21 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.20

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.20 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.20 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.20 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.20 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.20 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.20 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.20 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r13 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r13 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.20 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.20 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.19

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.19 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.19 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.19 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.19 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.19 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.19 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.19 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r13 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.35.0-r13 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.19 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.19 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.18

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.18 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.18 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.18 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.18 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.18 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.18 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.18 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.18 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.18 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.17

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.17 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.17 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.5.5 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.17 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.17 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.17 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.17 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.17 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.5.5 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.17 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.17 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.16

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.16 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.16 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.5.5 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.16 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.16 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.16 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.16 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.16 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.5.5 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.16 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.16 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.15 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.15 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.5.5 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.15 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.15 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.15 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.15 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.15 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.5.5 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.15 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.15 (alpine 3.13.10)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.14 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.14 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.14 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.14 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.13 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.13 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.13 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.13 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.12 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.12 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.12 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.12 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.12 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.12 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.12 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.12 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.12 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.11 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.11 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.11 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.11 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.11 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.11 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.11 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.11 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.11 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.10 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.10 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.10 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.10 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.10 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.10 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.10 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.10 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.10 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.9 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.9 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.9 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.9 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.9 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.9 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.9 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.9 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.9 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.8 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.8 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.8 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.8 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.8 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.8 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.8 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.8 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r2 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.8 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.7 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.7 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.7 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.7 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.7 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.7 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.7 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.6 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.6 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.6 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.6 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.6 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.6 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.6 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.5 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.5 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.5 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.5 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.5 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.5 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.5 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.4 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.4 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.4 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.4 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.4 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.4 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.4 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.3 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187 git HIGH 2.34.2-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.3 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.3 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.3 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.3 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.3 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.3 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.2 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-29187 git HIGH 2.34.1-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.2 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.2 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.2 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.2 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.2 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.2 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.1 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-29187 git HIGH 2.34.1-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.1 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.1 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.1 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.1 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.1 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.1 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
Release 1.11.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.0 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40674 expat CRITICAL 2.4.7-r0 2.4.9-r0 https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-29187 git HIGH 2.34.1-r0 2.34.4-r0 https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.0 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.0 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.0 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.0 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065 ssl_client HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20211205041911-012df41ee64c 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.0 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.32.1-r8 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r