Gloo Edge Enterprise

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.11.x Gloo Enterprise Release: 1.11.11

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.10

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.9 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.9 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/gloo

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.9 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.9 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.9 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.9 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.9 (alpine 3.15.4)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.9 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.9 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.11.8

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.7

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.6

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.5 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.5 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.5 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.5 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.5 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.5 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.5 (alpine 3.15.4)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.5 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.5 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.11.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.4 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.4 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.4 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.4 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.4 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.4 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.4 (alpine 3.15.4)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.4 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.4 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.11.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.3 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.3 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.3 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.3 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.3 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.3 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.3 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.3 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.3 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.11.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.2 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.2 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.2 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.2 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.2 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.2 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.2 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.2 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.11.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.1 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.1 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.1 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.1 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.1 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.1 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.1 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.1 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.11.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.0 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.0 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

No Vulnerabilities Found for usr/local/bin/js/package-lock.json

No Vulnerabilities Found for usr/local/bin/js/yarn.lock

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.0 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.0 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.0 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.0 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.0 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.0 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Latest 1.10.x Gloo Enterprise Release: 1.10.23

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.10.22

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.22 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.22 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.22 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.22 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.22 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.22 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.22 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.10.22 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.22 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.10.21

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.21 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.21 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.21 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.21 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.21 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.21 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.21 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.21 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.21 (alpine 3.13.8)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.10.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.20 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.20 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.20 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.20 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.20 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.20 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.20 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.10.20 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.20 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.19 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.19 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.19 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.19 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.19 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.19 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.19 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.10.19 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.19 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.10.18 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.10.18 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.18 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.10.18 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.10.18 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.10.18 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.10.18 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.18 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.18 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.17

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.17 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.17 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.17 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.17 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.17 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.17 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.17 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.17 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.17 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.16

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.16 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.16 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.16 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.16 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.16 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.16 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.16 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.16 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.16 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.15 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.15 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.15 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.15 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.15 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.15 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.15 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.15 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.15 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.14 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.14 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.14 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.14 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.14 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.14 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.14 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.14 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.14 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.14 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.13 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.13 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.13 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.13 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.13 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.13 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.13 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.13 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.13 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.13 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.12 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.12 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.12 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.12 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.11 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.11 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.11 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.11 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.10 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.10 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.10 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.10 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.9 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.9 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.9 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.9 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.8 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.8 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.8 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.8 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.7 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.7 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-25235 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.6 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.6 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-25235 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.5 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-25235 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.4-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.4 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-23852 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.3 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-23852 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.2 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-23852 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.1 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.10.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.10.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.10.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.10.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.10.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.10.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.10.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.10.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.10.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.10.0 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.10.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210920023735-84f357641f63 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Latest 1.9.x Gloo Enterprise Release: 1.9.18

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.9.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.9.17 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.9.17 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.17 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.9.17 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.9.17 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.9.17 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.9.17 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.9.17 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.17 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.9.16 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.9.16 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.16 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.9.16 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.9.16 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.9.16 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.9.16 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.16 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.16 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.9.15 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.9.15 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.15 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.9.15 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.9.15 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.9.15 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.9.15 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.15 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.15 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.14 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.14 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.14 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.14 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.13 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.13 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.13 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.13 (alpine 3.13.8)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.12 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.12 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.12 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.12 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.11 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.11 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.11 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.11 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.11 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-23852 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.10 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.10 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.10 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-23852 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.9 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.9 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.9 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-23852 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.8 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.8 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.8 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.7 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.7 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.7 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.6 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.6 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.6 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.5 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.5 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.4 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.4 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.3 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.3 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.2 (alpine 3.14.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.2 (alpine 3.14.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.2 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.2 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.1 (alpine 3.14.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.1 (alpine 3.14.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.1 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.1 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.9.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.9.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.9.0 (alpine 3.14.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.9.0 (alpine 3.14.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.9.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.9.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.9.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.9.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.9.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.9.0 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.9.0 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Latest 1.8.x Gloo Enterprise Release: 1.8.27

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.8.27 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.8.27 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.27 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.8.27 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.8.27 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.8.27 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.8.27 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.27 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.8.27 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.27 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.8.26

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.8.26 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.8.26 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.26 (alpine 3.15.0)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.8.26 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.8.26 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.8.26 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.8.26 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.26 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.8.26 (alpine 3.13.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.26 (alpine 3.13.8)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.8.25

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.8.25 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.8.25 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.25 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-24765 git HIGH 2.34.1-r0 2.34.2-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.8.25 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.8.25 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.8.25 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.8.25 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.25 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.8.25 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.25 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.8.24

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.8.24 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.8.24 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.24 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-23852 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.3-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2022-25314 expat HIGH 2.4.3-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.8.24 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.8.24 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.8.24 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.8.24 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-25741 k8s.io/kubernetes HIGH v1.19.6 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.8.24 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.14 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.8.24 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.8.24 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191
Release 1.8.23

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.8.23 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.8.23 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.11 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.8.23 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-22822 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22822
CVE-2022-22823 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22823
CVE-2022-22824 expat CRITICAL 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22824
CVE-2022-23852 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23852
CVE-2022-23990 expat CRITICAL 2.4.1-r0 2.4.4-r0 https://avd.aquasec.com/nvd/cve-2022-23990
CVE-2022-25235 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25235
CVE-2022-25236 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25236
CVE-2022-25315 expat CRITICAL 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25315
CVE-2021-45960 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-45960
CVE-2021-46143 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2021-46143
CVE-2022-22825 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22825
CVE-2022-22826 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22826
CVE-2022-22827 expat HIGH 2.4.1-r0 2.4.3-r0 https://avd.aquasec.com/nvd/cve-2022-22827
CVE-2022-25314 expat HIGH 2.4.1-r0 2.4.5-r0 https://avd.aquasec.com/nvd/cve-2022-25314
CVE-2022-24765 git HIGH 2.32.0-r0 2.32.1-r0 https://avd.aquasec.com/nvd/cve-2022-24765
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.8.23 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.8.23 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220315160706-3147a52a75dd https://avd.aquasec.com/nvd/cve-2022-27191

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.8.23 (alpine 3.13.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032