Gloo Edge Enterprise
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.
Latest 1.14.x Gloo Enterprise Release: 1.14.4
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.14.3
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.3 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.3 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.3 (alpine 3.17.3)
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.3 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.3 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.3 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.3 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.3 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.3 (alpine 3.17.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.3 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.14.2
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.2 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.2 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.2 (alpine 3.17.3)
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.2 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.2 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.2 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.2 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.2 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.2 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.2 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.14.1
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.1 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.1 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.1 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.1 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.1 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.1 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.1 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.1 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.1 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.1 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.14.0
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.0 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.0 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.0 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.0 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.0 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.0 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.0 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.0 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.0 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.0 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Latest 1.13.x Gloo Enterprise Release: 1.13.18
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.18 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.18 (alpine 3.17.3)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.18 (alpine 3.17.3)
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.18 (alpine 3.17.3)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.18 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.18 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.18 (alpine 3.17.2)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.18 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.18 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.18 (alpine 3.17.3)
Release 1.13.17
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.17 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.17 (alpine 3.17.3)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.17 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.17 (alpine 3.17.3)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.17 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.17 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.17 (alpine 3.17.2)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.17 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.17 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.17 (alpine 3.17.3)
Release 1.13.16
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.16 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.16 (alpine 3.17.3)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.16 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.16 (alpine 3.17.3)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.16 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.16 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.16 (alpine 3.17.2)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.16 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.16 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.16 (alpine 3.17.3)
Release 1.13.15
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.15 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.15 (alpine 3.17.3)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.15 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.15 (alpine 3.17.3)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.15 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.15 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.15 (alpine 3.17.2)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.15 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.15 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.15 (alpine 3.17.3)
Release 1.13.14
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.14 (alpine 3.17.2)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.14 (alpine 3.17.2)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.14 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.14 (alpine 3.17.2)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.14 (alpine 3.17.2)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.14 (alpine 3.17.2)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.14 (alpine 3.17.2)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.14 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.14 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.14 (alpine 3.17.2)
Release 1.13.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.13 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.13 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.13 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Release 1.13.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.12 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.12 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.12 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.12 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.12 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.12 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.12 (alpine 3.17.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.12 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.12 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.12 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.11 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.11 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.11 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.11 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.11 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.11 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.11 (alpine 3.17.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.11 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.11 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.11 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.10 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.10 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.10 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.10 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.10 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.10 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.10 (alpine 3.17.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.10 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.10 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.10 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.9 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.9 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.9 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.9 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.9 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.9 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.9 (alpine 3.17.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.9 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.9 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.9 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.8 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.8 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.8 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r0 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.87.0-r2 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.87.0-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.8 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.8 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.8 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.8 (alpine 3.17.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.8 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.8 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.8 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.7 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.7 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.7 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23946 | git | HIGH | 2.34.6-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.7 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.7 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.7 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.7 (alpine 3.17.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.7 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.7 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.7 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.6 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.6 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.6 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23946 | git | HIGH | 2.34.6-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.6 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.6 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.6 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.6 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.6 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.6 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.6 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.5 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.5 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-8x6c-cv3v-vp6g | cacheable-request | HIGH | 6.1.0 | 10.2.7 | https://github.com/advisories/GHSA-8x6c-cv3v-vp6g |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.5 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.5 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.5 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.5 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.5 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-8x6c-cv3v-vp6g | cacheable-request | HIGH | 6.1.0 | 10.2.7 | https://github.com/advisories/GHSA-8x6c-cv3v-vp6g |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.5 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.5 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.5 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.13.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.4 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.4 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.4 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.4 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.4 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.4 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.4 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.4 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.4 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.4 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.3 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.3 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.3 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.3 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.3 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.3 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.3 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.3 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.3 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.3 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.2 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.2 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.2 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.2 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.2 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.2 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.2 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.2 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.2 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.2 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.1 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.1 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.1 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.1 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.1 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.1 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.1 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.1 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.1 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.1 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.13.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.0 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.0 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.0 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.0 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.0 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.0 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.0 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.0 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.0 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.0 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.2.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Latest 1.12.x Gloo Enterprise Release: 1.12.54
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.54 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.54 (alpine 3.17.3)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.54 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.54 (alpine 3.17.3)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.54 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.54 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.54 (alpine 3.16.0)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.54 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.54 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.54 (alpine 3.17.3)
Release 1.12.53
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.53 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.53 (alpine 3.17.3)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.53 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.53 (alpine 3.17.3)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.53 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.53 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.53 (alpine 3.16.0)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.53 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.53 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 8.0.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.4-r1 | 1.2.4-r2 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20221119-r0 | 6.3_p20221119-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.53 (alpine 3.17.3)
Release 1.12.52
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.52 (alpine 3.17.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.52 (alpine 3.17.3)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.52 (alpine 3.17.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r1 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.52 (alpine 3.17.3)
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.52 (alpine 3.17.3)
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.52 (alpine 3.17.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.52 (alpine 3.16.0)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.52 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.52 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.52 (alpine 3.17.3)
Release 1.12.51
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.51 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.51 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.51 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.51 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.51 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.51 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.51 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.51 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.51 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.51 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Release 1.12.50
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.50 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.50 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.50 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.50 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.50 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.50 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.50 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.50 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.50 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.50 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.49
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.49 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.49 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.49 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-25652 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.38.4-r1 | 2.38.5-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.88.1-r0 | 7.88.1-r1 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.88.1-r0 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.49 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.49 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.49 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.49 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.49 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.49 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r6 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r6 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.49 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.48
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.48 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.48 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.48 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23946 | git | HIGH | 2.34.6-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.48 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.48 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.48 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.48 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.48 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.48 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.48 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.47
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.47 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.47 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.47 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23946 | git | HIGH | 2.34.6-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.6-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.47 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.47 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.47 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.47 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.47 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.47 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.47 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.46
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.46 (alpine 3.15.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.46 (alpine 3.15.0)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.46 (alpine 3.15.0)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.46 (alpine 3.15.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.46 (alpine 3.15.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.46 (alpine 3.15.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.46 (alpine 3.16.0)
No Vulnerabilities Found for Node.js
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.46 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.46 (alpine 3.16.1)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.46 (alpine 3.15.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
Release 1.12.45
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.45 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.45 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.45 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.45 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.45 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.45 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.45 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.45 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.45 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.45 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.44
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.44 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.44 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.44 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.44 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.44 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.44 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.44 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.44 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.44 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.44 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.43
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.43 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.43 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.43 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.43 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.43 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.43 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.43 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.43 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.43 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.43 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.42
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.42 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.42 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.42 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.42 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.42 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.42 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.42 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.42 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.42 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.42 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.41
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.41 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.41 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.41 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r5 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.41 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.41 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.41 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.41 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.41 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.41 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r5 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r5 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r5 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.41 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.40
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.40 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.40 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.40 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.40 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.40 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.40 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.40 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.40 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.40 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.40 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.39
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.39 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.39 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.39 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.39 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.39 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.39 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.39 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.39 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.39 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.39 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.38
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.38 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.38 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.38 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.38 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.38 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.38 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.38 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.38 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.38 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.38 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.37
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.37 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.37 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.37 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.37 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.37 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.37 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.37 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.37 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.37 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.37 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.36
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.36 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.36 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.36 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.36 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.36 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.36 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.36 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.36 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.36 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.36 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.35
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.35 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.35 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.35 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.35 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.35 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.35 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.35 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.35 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.35 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | curl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.35 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220909164309-bea034e7d591 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Release 1.12.34
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.34 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.34 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for Node.js
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
| CVE-2022-25881 | http-cache-semantics | HIGH | 4.1.0 | 4.1.1 | https://avd.aquasec.com/nvd/cve-2022-25881 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.34 (alpine 3.15.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-23521 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-23521 |
| CVE-2022-41903 | git | CRITICAL | 2.34.5-r0 | 2.34.6-r0 | https://avd.aquasec.com/nvd/cve-2022-41903 |
| CVE-2023-23946 | git | HIGH | 2.34.5-r0 | 2.34.7-r0 | https://avd.aquasec.com/nvd/cve-2023-23946 |
| CVE-2023-25652 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-25652 |
| CVE-2023-29007 | git | HIGH | 2.34.5-r0 | 2.34.8-r0 | https://avd.aquasec.com/nvd/cve-2023-29007 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.80.0-r4 | 7.80.0-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-28322 | libcurl | CRITICAL | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28322 |
| CVE-2022-43551 | libcurl | HIGH | 7.80.0-r4 | 7.80.0-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-27535 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27535 |
| CVE-2023-27536 | libcurl | HIGH | 7.80.0-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27536 |
| CVE-2023-28319 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-28321 | libcurl | HIGH | 7.80.0-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28321 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.34 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.34 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.34 (alpine 3.15.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r1 | 1.1.1t-r2 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.7.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220906165146-f3363e06e74c | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.34 (alpine 3.16.0)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerab