Gloo Edge Enterprise

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.14.x Gloo Enterprise Release: 1.14.4

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.14.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.3 (alpine 3.17.3)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.3 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.3 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.2 (alpine 3.17.3)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.2 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.1 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.1 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.1 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.1 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.1 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.1 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.1 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.0 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.0 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.0 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.0 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.0 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.0 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.0 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Latest 1.13.x Gloo Enterprise Release: 1.13.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.18 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.18 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.18 (alpine 3.17.3)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.18 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.18 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.18 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.18 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.18 (alpine 3.17.3)

Release 1.13.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.17 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.17 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.17 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.17 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.17 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.17 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.17 (alpine 3.17.3)

Release 1.13.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.16 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.16 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.16 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.16 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.16 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.16 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.16 (alpine 3.17.3)

Release 1.13.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.15 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.15 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-28322 libcurl CRITICAL 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.15 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.15 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.15 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.15 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.15 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.15 (alpine 3.17.3)

Release 1.13.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.14 (alpine 3.17.2)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.14 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-28322 libcurl CRITICAL 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.14 (alpine 3.17.2)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.14 (alpine 3.17.2)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.14 (alpine 3.17.2)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.14 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.14 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.14 (alpine 3.17.2)

Release 1.13.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.13 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
Release 1.13.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.12 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.12 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.11 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.11 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.11 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.11 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.10 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.10 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.10 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.10 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.9 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.9 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.9 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.9 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.8 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.8 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.8 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.8 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23946 git HIGH 2.34.6-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.7 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.7 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23946 git HIGH 2.34.6-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.6 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.6 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
GHSA-8x6c-cv3v-vp6g cacheable-request HIGH 6.1.0 10.2.7 https://github.com/advisories/GHSA-8x6c-cv3v-vp6g
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.5 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
GHSA-8x6c-cv3v-vp6g cacheable-request HIGH 6.1.0 10.2.7 https://github.com/advisories/GHSA-8x6c-cv3v-vp6g
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.5 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.4 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.4 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.3 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.3 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.2 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.2 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.1 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.1 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.13.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.0 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.0 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Latest 1.12.x Gloo Enterprise Release: 1.12.54

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.54 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.54 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.54 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.54 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.54 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.54 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.54 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.54 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.54 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.54 (alpine 3.17.3)

Release 1.12.53

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.53 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.53 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.53 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.53 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.53 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.53 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.53 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.53 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.53 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.53 (alpine 3.17.3)

Release 1.12.52

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.52 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.52 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.52 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-28322 libcurl CRITICAL 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-28319 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.52 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.52 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.52 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.52 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.52 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.52 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.52 (alpine 3.17.3)

Release 1.12.51

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.51 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.51 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.51 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.51 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.51 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.51 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.51 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.51 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.51 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.51 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
Release 1.12.50

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.50 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.50 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.50 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.50 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.50 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.50 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.50 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.50 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.50 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.50 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.49

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.49 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.49 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.49 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.49 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.49 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.49 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.49 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.49 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.49 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28322 curl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-28322 libcurl CRITICAL 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.49 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.48

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.48 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.48 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.48 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23946 git HIGH 2.34.6-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.48 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.48 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.48 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.48 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.48 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.48 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.48 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.47

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.47 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.47 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.47 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23946 git HIGH 2.34.6-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.47 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.47 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.47 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.47 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.47 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.47 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.47 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.46

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.12.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.12.46 (alpine 3.15.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.46 (alpine 3.15.0)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.12.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.12.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.12.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.12.46 (alpine 3.16.0)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.46 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.12.46 (alpine 3.16.1)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.46 (alpine 3.15.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
Release 1.12.45

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.45 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.45 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.45 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.45 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.45 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.45 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.45 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.45 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.45 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.45 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.44

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.44 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.44 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.44 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.44 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.44 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.44 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.44 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.44 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.44 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.44 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.43

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.43 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.43 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.43 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.43 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.43 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.43 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.43 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.43 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.43 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.43 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.42

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.42 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.42 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.42 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.42 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.42 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.42 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.42 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.42 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.42 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.42 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.41

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.41 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.41 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.41 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.41 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.41 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.41 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.41 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.41 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.41 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.41 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.40

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.40 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.40 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.40 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.40 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.40 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.40 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.40 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.40 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.40 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.40 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.39

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.39 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.39 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.39 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.39 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.39 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.39 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.39 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.39 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.39 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.39 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.38

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.38 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.38 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.38 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.38 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.38 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.38 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.38 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.38 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.38 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.38 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.37

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.37 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.37 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.37 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.37 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.37 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.37 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.37 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.37 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.37 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.37 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.36

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.36 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.36 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.36 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.36 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.36 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.36 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.36 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.36 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.36 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.36 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.35

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.35 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.35 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.35 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.35 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.35 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.35 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.35 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.12.35 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.12.35 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 curl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.12.35 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220909164309-bea034e7d591 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
Release 1.12.34

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.12.34 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220906165146-f3363e06e74c 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.12.34 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220906165146-f3363e06e74c 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.12.34 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-28322 libcurl CRITICAL 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28322
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-27535 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27535
CVE-2023-27536 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27536
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-28321 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28321
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220906165146-f3363e06e74c 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.12.34 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220906165146-f3363e06e74c 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.12.34 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220906165146-f3363e06e74c 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.12.34 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.7.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220906165146-f3363e06e74c 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.12.34 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerab