Navigation :

Gloo Edge Enterprise

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.12.x Gloo Enterprise Release: 1.12.23

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.12.22

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.22 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.22 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.22 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.22 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.22 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.22 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.12.21

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.21 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.21 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.21 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.21 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.21 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.21 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.12.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.20 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.20 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.20 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.20 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.19 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.19 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.19 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.19 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.18 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.18 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.18 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.18 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.17 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.17 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.17 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.17 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.16 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.16 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.16 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.16 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.15 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.15 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.15 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.15 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.14 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.14 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.14 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.14 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.13 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.13 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.13 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.13 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.12 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.12 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.12 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.12 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.11 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.11 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.11 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.11 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.10 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.10 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.10 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.10 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.9 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.9 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.9 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.9 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.8 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.8 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.8 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.8 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.7 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.7 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.7 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.7 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.6 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.6 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.6 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.6 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.5 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.5 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.5 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.5 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.4 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.4 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.4 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.4 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.3 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.3 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.3 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.3 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.2 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.2 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.2 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.2 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.1 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.1 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.12.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.0 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.0 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Latest 1.11.x Gloo Enterprise Release: 1.11.43

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.42

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.42 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.42 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.42 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.42 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.42 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.42 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.11.41

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.41 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.41 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.41 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.41 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.41 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.41 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.11.40

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.40 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.40 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.40 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.40 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.40 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.39

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.39 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.39 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.39 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.39 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.39 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.38

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.38 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.38 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.38 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.38 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.38 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.37

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.37 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.37 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.37 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.37 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.37 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.36

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.36 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.36 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.36 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.36 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.36 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.35

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.35 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.35 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.35 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.35 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.35 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.34

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.34 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.34 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.34 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.34 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.34 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.33

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.33 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.33 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.33 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.33 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.33 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.32

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.32 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.32 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.32 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.32 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.32 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.31

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.31 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.31 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.31 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.31 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.31 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.30

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.30 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.30 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.30 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.30 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.30 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.29

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.29 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.29 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.29 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.29 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.29 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.28

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.28 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.28 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.28 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.28 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.28 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.27

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.27 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.27 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.27 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.27 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.27 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.26

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.26 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.26 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.26 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.26 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.26 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.25

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.25 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.25 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.25 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.25 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.25 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.24

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.24 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.24 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.24 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.24 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.24 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.23

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.23 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.23 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.23 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.23 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.23 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.22

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.22 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.22 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.22 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.22 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.22 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.22 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.22 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.22 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.22 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.21

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.21 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.21 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.21 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.21 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.21 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.21 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.21 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.21 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.21 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.20

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.20 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.20 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.20 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.20 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.20 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.20 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.20 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r13	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r13	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.20 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.20 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.19

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.19 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.19 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.19 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.19 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.19 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.19 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.19 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r13	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r13	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.19 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.19 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.18

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.18 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.18 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.18 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.18 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.18 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.18 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.18 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.18 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.18 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.17

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.17 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.17 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-29244	npm	HIGH	8.5.5	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.17 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.17 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.17 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.17 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.17 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-29244	npm	HIGH	8.5.5	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.17 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.17 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.16

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.16 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.16 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-29244	npm	HIGH	8.5.5	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.16 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.16 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.16 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.16 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.16 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-29244	npm	HIGH	8.5.5	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.16 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.16 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.15 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.15 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-29244	npm	HIGH	8.5.5	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.15 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.15 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.15 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.15 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.15 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-29244	npm	HIGH	8.5.5	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.15 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.15 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.14 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.14 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.14 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.14 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.14 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.14 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.14 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.14 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.14 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.13 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.13 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.13 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.13 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.13 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.13 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.13 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.13 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.13 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.12 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.12 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.12 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.12 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.12 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.12 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.12 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.12 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.12 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.11 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.11 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.11 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.11 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.11 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.11 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.11 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.11 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.11 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.10 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.10 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.10 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.10 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.10 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.10 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.10 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.10 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.10 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.9 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.9 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.9 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.9 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.9 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.9 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.9 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.9 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.9 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.8 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.8 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.8 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.8 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.8 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.8 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.8 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.8 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r2	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.8 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.7 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.7 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.7 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.7 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.7 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.7 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.7 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.7 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.7 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.6 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.6 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.6 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.6 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.6 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.6 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.6 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.6 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.6 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.5 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.5 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.5 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.5 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.5 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.5 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.5 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.5 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.5 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.4 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.4 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.4 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.4 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.4 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.4 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.4 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.4 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.4 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.3 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.3 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.3 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.3 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.3 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.3 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.3 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.3 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.3 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.2 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.2 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.2 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-24765	git	HIGH	2.34.1-r0	2.34.2-r0	https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-29187	git	HIGH	2.34.1-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.2 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.2 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.2 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.2 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.2 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.2 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.1 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-24765	git	HIGH	2.34.1-r0	2.34.2-r0	https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-29187	git	HIGH	2.34.1-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.1 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.1 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.1 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.1 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.1 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.1 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Release 1.11.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.0 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-24765	git	HIGH	2.34.1-r0	2.34.2-r0	https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-29187	git	HIGH	2.34.1-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.80.0-r0	7.80.0-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r0	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.0 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.0 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.0 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.0 (alpine 3.13.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210920023735-84f357641f63	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.0 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r