Gloo Edge Enterprise
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.
Latest 1.11.x Gloo Enterprise Release: 1.11.11
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.11.10
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.11.9
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.9 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.9 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/gloo
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.9 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.9 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.9 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.9 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.9 (alpine 3.15.4)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.9 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.9 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.9 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.11.8
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.11.7
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.11.6
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.11.5
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.5 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.5 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.5 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.5 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.5 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.5 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.5 (alpine 3.15.4)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.5 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.5 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.5 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.11.4
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.4 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.4 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.4 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.4 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.4 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.4 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.4 (alpine 3.15.4)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.4 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.4 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.4 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.11.3
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.3 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.3 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.3 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.3 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.3 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.3 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.3 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.3 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.3 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.3 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.11.2
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.2 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.2 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.2 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.2 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.2 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.2 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.2 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.2 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.2 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.2 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.11.1
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.1 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.1 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.1 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.1 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.1 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.1 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.1 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.1 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.1 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.1 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.11.0
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.0 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.0 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
No Vulnerabilities Found for usr/local/bin/js/package-lock.json
No Vulnerabilities Found for usr/local/bin/js/yarn.lock
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.0 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.0 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.0 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.0 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.0 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.0 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.0 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.0 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Latest 1.10.x Gloo Enterprise Release: 1.10.23
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.10.22
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.22 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.22 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.22 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.22 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.22 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.22 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.22 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.22 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.10.22 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.22 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.10.21
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.21 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.21 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.21 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.21 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.21 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.21 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.21 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.21 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.21 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27404 | freetype | CRITICAL | 2.10.4-r1 | 2.10.4-r2 | https://avd.aquasec.com/nvd/cve-2022-27404 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.21 (alpine 3.13.8)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.10.20
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.20 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.20 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.20 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.20 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.20 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.20 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.20 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.20 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.10.20 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.20 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.19
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.19 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.19 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.19 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.19 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.19 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.19 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.19 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.19 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.10.19 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.19 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.18
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.18 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.18 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.18 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.18 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.18 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.18 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.18 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.18 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.18 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.18 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.17
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.17 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.17 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.17 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.17 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.17 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.17 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.17 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.17 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.17 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.17 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.16
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.16 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.16 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.16 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.16 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.16 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.16 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.16 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.16 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.16 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.16 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.15
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.15 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.15 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.15 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.15 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.15 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.15 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.15 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.15 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.15 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.15 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.14
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.14 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.14 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.14 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.14 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.14 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.14 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.14 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.14 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.14 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.14 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.13 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.13 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.13 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.13 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.13 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.13 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.13 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.13 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.13 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.13 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.12 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.12 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.12 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.12 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.11 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.11 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.11 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.11 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.10 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.10 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.10 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.10 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.9 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.9 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.9 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.9 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.8 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.8 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.8 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.8 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.7 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.7 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.7 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.7 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.6 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.6 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.6 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.6 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.5 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.5 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.5 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.5 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.4 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.4 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.4-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.4 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.4 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.3 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.3 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.3 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.3 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.2 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.2 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.2 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.2 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.1 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.1 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.1 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.1 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.10.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.0 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.0 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r3 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.0 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.0 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210920023735-84f357641f63 | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Latest 1.9.x Gloo Enterprise Release: 1.9.18
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.9.17
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.9.17 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.9.17 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.17 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.9.17 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.9.17 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.9.17 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.9.17 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.17 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.9.17 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.17 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.16
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.9.16 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.9.16 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.16 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.9.16 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.9.16 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.9.16 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.9.16 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.16 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.16 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27404 | freetype | CRITICAL | 2.10.4-r1 | 2.10.4-r2 | https://avd.aquasec.com/nvd/cve-2022-27404 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.16 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.15
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.9.15 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.9.15 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.15 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.9.15 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.9.15 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.9.15 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.9.15 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.15 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.15 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.15 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.14
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.14 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.14 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.14 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.14 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.14 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.14 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.14 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.14 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.14 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.14 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.13 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.13 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.13 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.13 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.13 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.13 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.13 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.13 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.13 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.13 (alpine 3.13.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.12 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.12 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.12 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.12 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.12 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.11 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.11 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.11 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.11 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.11 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.10 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.10 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.10 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.10 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.10 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.9 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.9 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.9 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.9 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.9 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.8 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.8 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.8 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.8 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.8 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.7 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.7 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.7 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.7 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.7 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.6 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.6 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.6 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.6 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.6 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.5 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.5 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.5 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.5 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.5 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.4 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.4 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.4 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.4 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.4 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.3 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.3 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.3 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.3 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.3 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.2 (alpine 3.14.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2021-41103 | github.com/containerd/containerd | HIGH | v1.4.3 | v1.4.11, v1.5.7 | https://avd.aquasec.com/nvd/cve-2021-41103 |
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.3 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2021-41092 | github.com/docker/cli | HIGH | v20.10.3+incompatible | v20.10.9 | https://avd.aquasec.com/nvd/cve-2021-41092 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.2 (alpine 3.14.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.2 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.2 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.2 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.1 (alpine 3.14.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2021-41103 | github.com/containerd/containerd | HIGH | v1.4.3 | v1.4.11, v1.5.7 | https://avd.aquasec.com/nvd/cve-2021-41103 |
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.3 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2021-41092 | github.com/docker/cli | HIGH | v20.10.3+incompatible | v20.10.9 | https://avd.aquasec.com/nvd/cve-2021-41092 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.1 (alpine 3.14.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.1 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.1 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.1 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.9.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.0 (alpine 3.14.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2021-41103 | github.com/containerd/containerd | HIGH | v1.4.3 | v1.4.11, v1.5.7 | https://avd.aquasec.com/nvd/cve-2021-41103 |
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.3 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2021-41092 | github.com/docker/cli | HIGH | v20.10.3+incompatible | v20.10.9 | https://avd.aquasec.com/nvd/cve-2021-41092 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.0 (alpine 3.14.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r3 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.33.1-r3 | 1.33.1-r6 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.0 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.13 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.0 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.0 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | busybox | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2021-42378 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42378 |
| CVE-2021-42379 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42379 |
| CVE-2021-42380 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42380 |
| CVE-2021-42381 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42381 |
| CVE-2021-42382 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42382 |
| CVE-2021-42383 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42383 |
| CVE-2021-42384 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42384 |
| CVE-2021-42385 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42385 |
| CVE-2021-42386 | ssl_client | HIGH | 1.32.1-r6 | 1.32.1-r7 | https://avd.aquasec.com/nvd/cve-2021-42386 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Latest 1.8.x Gloo Enterprise Release: 1.8.27
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.8.27 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.8.27 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.27 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.8.27 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.8.27 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.8.27 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.8.27 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.27 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.8.27 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.27 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.8.26
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.8.26 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.8.26 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.26 (alpine 3.15.0)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.8.26 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.8.26 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.8.26 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.8.26 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.26 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.8.26 (alpine 3.13.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.26 (alpine 3.13.8)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.8.25
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.8.25 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.8.25 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.25 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-24765 | git | HIGH | 2.34.1-r0 | 2.34.2-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.4-r2 | 3.3.4-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r8 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.8.25 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.8.25 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.8.25 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.8.25 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.25 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.8.25 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.25 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.8.24
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.8.24 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.8.24 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.24 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.3-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2022-25314 | expat | HIGH | 2.4.3-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.8.24 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.8.24 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.8.24 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.8.24 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.19.6 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.24 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.14 | 1.1.1-1ubuntu2.1~18.04.15 | https://avd.aquasec.com/nvd/cve-2022-0778 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.8.24 (alpine 3.13.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-23308 | libxml2 | HIGH | 2.9.12-r0 | 2.9.13-r0 | https://avd.aquasec.com/nvd/cve-2022-23308 |
| CVE-2021-30560 | libxslt | HIGH | 1.1.34-r0 | 1.1.35-r0 | https://avd.aquasec.com/nvd/cve-2021-30560 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-1271 | xz-libs | HIGH | 5.2.5-r0 | 5.2.5-r1 | https://avd.aquasec.com/nvd/cve-2022-1271 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.24 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Release 1.8.23
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.8.23 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.8.23 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23648 | github.com/containerd/containerd | HIGH | v1.4.11 | 1.4.13, 1.5.10, 1.6.1 | https://avd.aquasec.com/nvd/cve-2022-23648 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | v1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.23 (alpine 3.14.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-22822 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22822 |
| CVE-2022-22823 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22823 |
| CVE-2022-22824 | expat | CRITICAL | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22824 |
| CVE-2022-23852 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23852 |
| CVE-2022-23990 | expat | CRITICAL | 2.4.1-r0 | 2.4.4-r0 | https://avd.aquasec.com/nvd/cve-2022-23990 |
| CVE-2022-25235 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25235 |
| CVE-2022-25236 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25236 |
| CVE-2022-25315 | expat | CRITICAL | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25315 |
| CVE-2021-45960 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-45960 |
| CVE-2021-46143 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2021-46143 |
| CVE-2022-22825 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22825 |
| CVE-2022-22826 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22826 |
| CVE-2022-22827 | expat | HIGH | 2.4.1-r0 | 2.4.3-r0 | https://avd.aquasec.com/nvd/cve-2022-22827 |
| CVE-2022-25314 | expat | HIGH | 2.4.1-r0 | 2.4.5-r0 | https://avd.aquasec.com/nvd/cve-2022-25314 |
| CVE-2022-24765 | git | HIGH | 2.32.0-r0 | 2.32.1-r0 | https://avd.aquasec.com/nvd/cve-2022-24765 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libretls | HIGH | 3.3.3p1-r2 | 3.3.3p1-r3 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.33.1-r6 | 1.33.1-r7 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.8.23 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.8.23 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-27191 | golang.org/x/crypto | HIGH | v0.0.0-20210513164829-c07d793c2f9a | 0.0.0-20220315160706-3147a52a75dd | https://avd.aquasec.com/nvd/cve-2022-27191 |
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.8.23 (alpine 3.13.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-28391 | busybox | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2022-0778 | libcrypto1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-0778 | libssl1.1 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | https://avd.aquasec.com/nvd/cve-2022-0778 |
| CVE-2022-28391 | ssl_client | CRITICAL | 1.32.1-r7 | 1.32.1-r8 | https://avd.aquasec.com/nvd/cve-2022-28391 |
| CVE-2018-25032 | zlib | HIGH | 1.2.11-r3 | 1.2.12-r0 | https://avd.aquasec.com/nvd/cve-2018-25032 |