Gloo Edge Enterprise
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.
Latest 1.15.x Gloo Enterprise Release: 1.15.9
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.15.8
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.8 (alpine 3.17.3)
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.8 (ubuntu 20.04)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.8 (ubuntu 20.04)
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.8 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.8 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.8 (alpine 3.17.3)
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.8 (ubuntu 20.04)
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.8 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.8 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.8 (alpine 3.17.3)
Release 1.15.7
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.7 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.7 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.7 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.7 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.7 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.7 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.7 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Release 1.15.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.6 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.15.5
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.5 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.5 (ubuntu 20.04)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.5 (ubuntu 20.04)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.5 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.5 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.5 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.5 (ubuntu 20.04)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.5 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.5 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.5 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.15.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.4 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.15.3
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.15.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.2 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.2 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.2 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.2 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.2 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.2 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.2 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.2 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.2 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.2 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.15.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.1 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.1 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.1 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.1 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.15.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.0 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.0 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.0 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.0 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.12.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.56.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Latest 1.14.x Gloo Enterprise Release: 1.14.13
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.13 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.13 (alpine 3.17.5)
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.13 (alpine 3.17.5)
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.13 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.13 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.13 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.13 (alpine 3.17.5)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.13 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.13 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.13 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.14.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
Release 1.14.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.12 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.12 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.12 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.12 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.12 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.12 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.12 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.12 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.12 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.12 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.11
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.11 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.11 (alpine 3.17.5)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.11 (alpine 3.17.5)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.11 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.11 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.11 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.11 (alpine 3.17.5)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.11 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.11 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.11 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.14.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.10 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.10 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.10 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.10 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.10 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.10 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.10 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.10 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.10 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.10 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.9 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.9 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.9 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.9 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.9 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.9 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.9 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.9 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.9 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.9 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.8 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.8 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.8 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.8 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.8 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.8 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.8 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.8 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.8 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.8 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.7 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.7 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.7 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.7 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.7 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.7 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.7 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.7 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.7 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.7 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.6 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.6 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.5 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.5 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.4 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.4 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.3
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.3 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.3 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.3 (alpine 3.17.3)
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.3 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.3 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.3 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.3 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.3 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.3 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.3 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.14.2
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.2 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.2 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.2 (alpine 3.17.3)
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.2 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.2 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.2 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.2 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.2 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.2 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.2 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.14.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.1 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.1 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.14.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.0 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.0 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Latest 1.13.x Gloo Enterprise Release: 1.13.28
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.28 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.28 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.28 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.28 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.28 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.28 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.28 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.28 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.28 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.28 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.27
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.27 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.27 (alpine 3.17.5)
No Vulnerabilities Found for Node.js
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.27 (alpine 3.17.5)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.27 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.27 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.27 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.27 (alpine 3.17.2)
No Vulnerabilities Found for Node.js
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.27 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.27 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.27 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.13.26
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.26 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.26 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.26 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.26 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.26 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.26 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.26 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.26 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.26 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.26 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.25
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.25 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.25 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.25 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.25 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.25 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.25 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.25 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.25 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.25 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.3.0-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.25 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.24
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.24 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.24 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.24 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.24 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.24 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.24 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.24 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.24 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.24 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.24 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.23
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.23 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.23 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.23 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.23 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.23 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.23 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.23 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.23 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.23 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.23 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.22
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.22 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.22 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.22 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.22 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.22 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.22 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.22 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.22 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.22 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.22 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.21
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.21 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.21 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.21 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.21 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.21 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.21 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.21 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.21 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.21 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.21 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.20
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.20 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.20 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.20 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.19
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.19 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.19 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.2-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.2-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.19 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.18
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.0-r1 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.0-r1 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.18 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.18 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.1.0-r1 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.1.0-r1 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.1.0-r1 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.1.0-r1 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.18 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.17
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.17 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.17 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.17 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.16
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.16 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.16 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.0.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 8.0.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-3138 | libx11 | HIGH | 1.8.4-r0 | 1.8.4-r1 | https://avd.aquasec.com/nvd/cve-2023-3138 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r0 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.16 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.15
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.15 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.15 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.15 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.88.1-r1 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.88.1-r1 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.15 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.15 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.15 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.15 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.15 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.15 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.15 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.14
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.88.1-r1 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.88.1-r1 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.14 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.14 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.14 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.88.1-r1 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-28319 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.88.1-r1 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.13 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.13 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.13 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.12 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.12 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.12 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.88.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.88.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.12 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.12 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.12 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.12 (alpine 3.17.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.12 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.12 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.12 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.11 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.11 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.11 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.88.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.88.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.11 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.11 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.11 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.11 (alpine 3.17.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.11 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.11 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.11 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.10 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.10 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.10 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.88.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.88.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.10 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.10 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.10 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.10 (alpine 3.17.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.10 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.10 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.10 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.9 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.9 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.9 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.87.0-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.87.0-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.9 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.9 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.9 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.9 (alpine 3.17.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.9 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.9 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.9 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.8 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.8 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.8 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-25652 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 7.87.0-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.87.0-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r0 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.8 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.8 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.8 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.8 (alpine 3.17.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.8 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.8 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r6 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r6 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.8 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.7 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.7 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.7 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23946 | git | HIGH | 2.34.6-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
CVE-2023-25652 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.80.0-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.80.0-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.7 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.7 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.7 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.7 (alpine 3.17.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.7 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.7 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.7 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.6 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.6 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.6 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23946 | git | HIGH | 2.34.6-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
CVE-2023-25652 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.80.0-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.80.0-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.6 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.6 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.6 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.6 (alpine 3.16.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.6 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.6 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.6 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.5 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.5 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
GHSA-8x6c-cv3v-vp6g | cacheable-request | HIGH | 6.1.0 | 10.2.7 | https://github.com/advisories/GHSA-8x6c-cv3v-vp6g |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.5 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.5 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.5 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.5 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.5 (alpine 3.16.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
GHSA-8x6c-cv3v-vp6g | cacheable-request | HIGH | 6.1.0 | 10.2.7 | https://github.com/advisories/GHSA-8x6c-cv3v-vp6g |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.5 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.5 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.5 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.13.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.4 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.4 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.4 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.80.0-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.80.0-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.4 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.4 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.4 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.4 (alpine 3.16.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.4 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.4 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.4 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.3 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.3 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.3 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.80.0-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.80.0-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.3 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.3 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.3 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.3 (alpine 3.16.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.3 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.3 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.3 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.2 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.2 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.2 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.80.0-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.80.0-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.2 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.2 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.2 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.2 (alpine 3.16.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.2 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.2 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.2 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.1 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.1 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.1 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.80.0-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.80.0-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.1 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.1 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.1 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.1 (alpine 3.16.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.1 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.1 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r5 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r5 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.1 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.13.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.0 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.0 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.0 (alpine 3.15.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.80.0-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.80.0-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.46.0-r0 | 1.46.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.0 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.0 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.0 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.0 (alpine 3.16.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.0 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.0 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.0 (alpine 3.15.6)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.2.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.50.1 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Latest 1.12.x Gloo Enterprise Release: 1.12.59
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.59 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.59 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.59 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.59 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.59 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.59 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.59 (alpine 3.16.0)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.59 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.59 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.59 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.12.58
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.58 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/rate-limit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.58 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.58 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Vulnerabilities Listed for usr/local/bin/envoyinit
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.58 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/observability
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.58 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/extauth
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.58 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.58 (alpine 3.16.0)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.58 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.58 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-38545 | curl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | curl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-38545 | libcurl | CRITICAL | 8.2.1-r0 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2023-38039 | libcurl | HIGH | 8.2.1-r0 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-4863 | libwebp | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-43787 | libx11 | HIGH | 1.8.4-r1 | 1.8.7-r0 | https://avd.aquasec.com/nvd/cve-2023-43787 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.51.0-r1 | 1.51.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.58 (alpine 3.17.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
Release 1.12.57
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.57 (alpine 3.17.3)
Vulnerability ID |
---|