Navigation :

Gloo Edge Enterprise

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.15.x Gloo Enterprise Release: 1.15.9

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.15.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.8 (alpine 3.17.3)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.8 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.8 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.8 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.8 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.8 (alpine 3.17.3)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.8 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.8 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.8 (alpine 3.17.3)

Release 1.15.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.7 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Release 1.15.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.15.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.5 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.5 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.5 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.5 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.15.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.15.3

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.15.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.2 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.2 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.2 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.15.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.1 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.1 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.1 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.15.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.0 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.0 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.0 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.12.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.56.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Latest 1.14.x Gloo Enterprise Release: 1.14.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.13 (alpine 3.17.5)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.13 (alpine 3.17.5)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.13 (alpine 3.17.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.13 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.14.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325

Release 1.14.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.12 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.12 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.12 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.12 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.12 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.12 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.12 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.12 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.12 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.11 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.11 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.11 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.11 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.10 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.10 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.10 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.10 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.10 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.10 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.10 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.10 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.10 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.9 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.9 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.9 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.9 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.9 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.9 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.9 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.9 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.9 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.8 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.8 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.8 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.8 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.8 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.8 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.8 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.8 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.8 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.7 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.7 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.7 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.7 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.7 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.7 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.7 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.7 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.7 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.6 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.5 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.4 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.3 (alpine 3.17.3)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.3 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.3 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.2 (alpine 3.17.3)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.2 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.14.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Latest 1.13.x Gloo Enterprise Release: 1.13.28

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.28 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.28 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.28 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.28 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.28 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.28 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.28 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.28 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.28 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.28 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.27

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.27 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.27 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.27 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.27 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.27 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.26

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.26 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.26 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.26 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.26 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.26 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.26 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.26 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.26 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.26 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.26 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.25

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.25 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.25 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.25 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.25 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.25 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.25 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.25 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.25 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.25 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.3.0-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.25 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.24

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.24 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.24 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.24 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.24 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.24 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.24 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.24 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.24 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.24 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.24 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.23

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.23 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.23 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.23 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.23 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.23 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.23 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.23 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.23 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.23 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.23 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.22

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.22 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.22 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.22 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.22 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.22 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.22 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.22 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.22 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.22 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.21

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.21 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.21 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.21 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.21 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.21 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.21 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.21 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.21 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.21 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.20

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.20 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.19

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.19 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.19 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.18

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.18 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.18 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.17

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.17 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.17 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.16

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.16 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.16 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.15 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.15 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.15 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.15 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.15 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.14 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.14 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.13 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.13 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.12 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.88.1-r0	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.88.1-r0	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.88.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.12 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.12 (alpine 3.17.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.12 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.12 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.11 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.11 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.88.1-r0	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.88.1-r0	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.88.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.11 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.11 (alpine 3.17.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.11 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.11 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.10 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.10 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r1	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.88.1-r0	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.88.1-r0	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.88.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.10 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.10 (alpine 3.17.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.10 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.10 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.9 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.9 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r0	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r0	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.87.0-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.87.0-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.87.0-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.9 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.9 (alpine 3.17.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.9 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.9 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.8 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.8 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-25652	git	HIGH	2.38.4-r0	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.38.4-r0	2.38.5-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.87.0-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.87.0-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.87.0-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.8 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.8 (alpine 3.17.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.8 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r6	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r6	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r6	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r6	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.8 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.7 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.7 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23946	git	HIGH	2.34.6-r0	2.34.7-r0	https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652	git	HIGH	2.34.6-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.34.6-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r5	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.7 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.7 (alpine 3.17.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.7 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.7 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.6 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.6 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23946	git	HIGH	2.34.6-r0	2.34.7-r0	https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652	git	HIGH	2.34.6-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.34.6-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r5	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.6 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.6 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.6 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.6 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.5 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
GHSA-8x6c-cv3v-vp6g	cacheable-request	HIGH	6.1.0	10.2.7	https://github.com/advisories/GHSA-8x6c-cv3v-vp6g
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.5 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.5 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.5 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
GHSA-8x6c-cv3v-vp6g	cacheable-request	HIGH	6.1.0	10.2.7	https://github.com/advisories/GHSA-8x6c-cv3v-vp6g
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.5 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.5 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.5 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.4 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.4 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946	git	HIGH	2.34.5-r0	2.34.7-r0	https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r5	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.4 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.4 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.4 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.4 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.4 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.3 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.3 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946	git	HIGH	2.34.5-r0	2.34.7-r0	https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r5	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.3 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.3 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.3 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.3 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.3 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.2 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.2 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946	git	HIGH	2.34.5-r0	2.34.7-r0	https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r5	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.2 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.2 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.2 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.2 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.2 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946	git	HIGH	2.34.5-r0	2.34.7-r0	https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r5	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.1 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.1 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.1 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.1 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.1 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.13.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946	git	HIGH	2.34.5-r0	2.34.7-r0	https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007	git	HIGH	2.34.5-r0	2.34.8-r0	https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r4	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.80.0-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.0 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.0 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.0 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.0 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.0 (alpine 3.15.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.2.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.2.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.50.1	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Latest 1.12.x Gloo Enterprise Release: 1.12.59

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.59 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.59 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.59 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.59 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.59 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.59 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.59 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.59 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.59 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.59 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.12.58

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.58 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.58 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.58 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.58 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.58 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.58 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.58 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.58 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.58 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.58 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Release 1.12.57

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.57 (alpine 3.17.3)

Vulnerability ID