Navigation :

Gloo Edge Enterprise

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.13.x Gloo Enterprise Release: 1.13.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.4 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.4 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.4 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.4 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.4 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.4 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.4 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.4 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.4 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.3 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.3 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.3 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.3 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.3 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.3 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.3 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.3 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.3 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.2 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.2 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.2 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.2 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.2 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.2 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.2 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.2 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.2 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.1 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.1 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.1 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.1 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.1 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.1 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.1 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.1 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.0 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.0 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.0 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.0 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.0 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.0 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.0 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.0 (alpine 3.15.6)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Latest 1.12.x Gloo Enterprise Release: 1.12.45

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.45 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.45 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.45 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.45 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.45 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.44

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.44 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.44 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.44 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.44 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.44 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.44 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.44 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.44 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.44 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.44 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.43

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.43 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.43 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.43 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.43 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.43 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.42

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.42 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.42 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.42 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.42 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.42 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.41

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.41 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.41 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.41 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.41 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.41 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.40

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.40 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.40 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.40 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.40 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.40 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.39

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.39 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.39 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.39 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.39 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.39 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.38

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.38 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.38 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.38 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.38 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.38 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.37

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.37 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.37 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.37 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.37 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.37 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.36

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.36 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.36 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.36 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.36 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.36 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.35

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.35 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.35 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.35 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.35 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.35 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.35 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.35 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.35 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.35 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.35 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220909164309-bea034e7d591	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.34

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.34 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.34 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.34 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.34 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.34 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.34 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.34 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.34 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.34 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.34 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.33

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.33 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.33 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.33 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.33 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.33 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.33 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.33 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.33 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.33 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.33 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.12.32

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.32 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.32 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.32 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.32 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.32 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.32 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.32 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.32 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.32 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.32 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.31

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.31 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.31 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.31 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.31 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.31 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.31 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.31 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.31 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.31 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.31 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.30

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.30 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.30 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.30 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.30 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.30 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.30 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.30 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.30 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.30 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.30 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.29

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.29 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.29 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.29 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.29 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.29 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.29 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.29 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.29 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.29 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.29 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.28

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.28 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.28 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.28 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.28 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.28 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.28 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.28 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.28 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.28 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.28 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.27

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.12.26

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.26 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.26 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.26 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.26 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.26 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.26 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.26 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.26 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.26 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.26 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.25

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.25 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.25 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.25 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.25 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.25 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.25 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.25 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.25 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.25 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.25 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.24

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.24 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.24 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.24 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.24 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.24 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.24 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.24 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.24 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.24 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.24 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.23

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.23 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.23 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.23 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.23 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.23 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.23 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.23 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.23 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.23 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.23 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.22

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.22 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.22 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.22 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.22 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.22 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.22 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.22 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.22 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.22 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.21

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.21 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.21 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.21 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.21 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.21 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.21 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.21 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.21 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.21 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.20 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.20 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.20 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.20 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.20 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.19 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.19 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.19 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.19 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.19 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.18 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.18 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.18 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.18 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.18 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.17 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.17 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.17 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.17 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.17 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.16 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.16 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.16 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.16 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.16 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220425223048-2871e0cb64e4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.15 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.15 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.15 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.15 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.15 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.14 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.14 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.14 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.14 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.14 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.13 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.13 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.13 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.13 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.13 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.12 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.12 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.12 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.12 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.12 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.11 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.11 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.11 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.11 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.11 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.10 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.10 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.10 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.10 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.10 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.9 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.9 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.9 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.9 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.9 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.8 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.8 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.8 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.8 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.8 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.7 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.7 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.7 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.7 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.7 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.6 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.6 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.6 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.6 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.6 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.5 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.5 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.5 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.5 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.5 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.4 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.4 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.4 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.4 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.4 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.3 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.3 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.3 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.3 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.3 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.2 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.2 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.2 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.2 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.2 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.1 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.1 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.1 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.1 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.12.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.0 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.0 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.0 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Latest 1.11.x Gloo Enterprise Release: 1.11.50

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.50 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.50 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.50 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.50 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.50 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.50 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.50 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.50 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.11.50 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.50 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.11.49

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.49 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.49 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.49 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.49 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.49 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.49 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.49 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.49 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.49 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.49 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.11.48

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.48 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.48 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.48 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-23521	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.5-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-43551	libcurl	HIGH	7.80.0-r4	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.48 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.48 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.48 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.48 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.48 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.48 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.48 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721

Release 1.11.47

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.47 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.47 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.47 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.47 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.47 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.47 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.47 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.47 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.47 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.47 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.46

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.46 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.46 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.46 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.46 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.46 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.45

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.45 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.45 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.45 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.45 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.45 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.45 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20221002022538-bcab6841153b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.44

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.11.43

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.43 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.43 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.43 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.43 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.43 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.43 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220225172249-27dd8689420f	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.42

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.42 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.42 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-43680	expat	HIGH	2.4.9-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.42 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.42 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.42 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.42 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.41

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.41 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.41 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.41 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.41 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.41 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.41 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.40

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.40 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.40 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.40 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.40 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.40 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.40 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.39

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.39 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.39 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.39 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.39 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.39 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.39 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.38

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.38 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.38 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r3	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r3	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.38 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.38 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.38 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.38 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.37

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.37 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.37 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.37 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.37 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.37 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.37 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.36

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.36 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.36 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.36 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.36 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.36 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.36 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.35

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.35 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.35 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.42.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.35 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.35 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.35 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.35 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.34

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.34 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.34 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.34 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.34 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.34 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.34 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.33

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.33 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.33 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.33 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.33 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.33 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.33 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.32

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.11.32 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.32 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.11.32 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.32 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.32 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.32 (alpine 3.15.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.31

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.31 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.31 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.31 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.31 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.31 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.31 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.30

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.30 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.30 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.30 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.30 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.30 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.30 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.29

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.29 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.29 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.4-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-39260	git	HIGH	2.34.4-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-36085	github.com/open-policy-agent/opa	CRITICAL	v0.40.0	0.44.0	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.29 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.29 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.29 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.29 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220107192237-5cfca573fb4d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.28

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.28 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.28 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-39260	git	HIGH	2.34.2-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.28 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.28 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.28 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.28 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.27

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.27 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.27 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-39260	git	HIGH	2.34.2-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.27 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.27 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.27 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.27 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.26

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.26 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.26 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-39260	git	HIGH	2.34.2-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.26 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.26 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.26 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.26 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.25

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.25 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.25 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-39260	git	HIGH	2.34.2-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r2	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r2	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.25 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.25 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.25 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.25 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.24

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.24 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.24 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-39260	git	HIGH	2.34.2-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.24 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.24 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.24 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.24 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.23

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.11.23 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.11.23 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40674	expat	CRITICAL	2.4.7-r0	2.4.9-r0	https://avd.aquasec.com/nvd/cve-2022-40674
CVE-2022-43680	expat	HIGH	2.4.7-r0	2.5.0-r0	https://avd.aquasec.com/nvd/cve-2022-43680
CVE-2022-23521	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903	git	CRITICAL	2.34.2-r0	2.34.6-r0	https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2022-29187	git	HIGH	2.34.2-r0	2.34.4-r0	https://avd.aquasec.com/nvd/cve-2022-29187
CVE-2022-39260	git	HIGH	2.34.2-r0	2.34.5-r0	https://avd.aquasec.com/nvd/cve-2022-39260
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2022-42915	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.11.23 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.11.23 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.11.23 (alpine 3.13.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27781	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.11.23 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20211205041911-012df41ee64c	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Release 1.11.22

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.11.22 (alpine 3.13.10)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.32.1-r8	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-30065	ssl_client	HIGH	1.32.1-r8	1.32.1-r9