Gloo Edge Enterprise results

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.

Latest 1.16.x Gloo Enterprise Release: 1.16.4

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.16.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.3 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.3 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.3 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.3 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.3 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.3 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.3 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.16.3 (alpine 3.18.6)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.3 (alpine 3.17.6)

Release 1.16.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.2 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.2 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.2 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.2 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.2 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.2 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.2 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.16.2 (alpine 3.18.6)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.2 (alpine 3.17.6)

Release 1.16.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.1 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.1 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.1 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.1 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.1 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.1 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.1 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.1 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r1 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-25062 libxml2 HIGH 2.11.6-r0 2.11.7-r0 https://avd.aquasec.com/nvd/cve-2024-25062

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.1 (alpine 3.17.6)

Release 1.16.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.0 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.0 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.0 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.0 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.0 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.0 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.0 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.0 (alpine 3.18.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r1 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-25062 libxml2 HIGH 2.11.6-r0 2.11.7-r0 https://avd.aquasec.com/nvd/cve-2024-25062

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.0 (alpine 3.17.6)

Latest 1.15.x Gloo Enterprise Release: 1.15.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.14 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.14 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.14 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.14 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.14 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.14 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.14 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.14 (alpine 3.18.6)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.14 (alpine 3.17.6)

Release 1.15.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.13 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.13 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.13 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.13 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.13 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.13 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.13 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.13 (alpine 3.18.6)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.13 (alpine 3.17.6)

Release 1.15.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.12 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.12 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.12 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.12 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.12 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.12 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.12 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.12 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r1 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-25062 libxml2 HIGH 2.11.6-r0 2.11.7-r0 https://avd.aquasec.com/nvd/cve-2024-25062

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.12 (alpine 3.17.6)

Release 1.15.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.11 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.11 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.11 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.11 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.11 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.11 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.11 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.11 (alpine 3.18.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r1 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-25062 libxml2 HIGH 2.11.6-r0 2.11.7-r0 https://avd.aquasec.com/nvd/cve-2024-25062

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.11 (alpine 3.17.6)

Release 1.15.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.10 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.10 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.10 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.10 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.10 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.10 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.10 (ubuntu 20.04)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.10 (alpine 3.18.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r1 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-25062 libxml2 HIGH 2.11.6-r0 2.11.7-r0 https://avd.aquasec.com/nvd/cve-2024-25062

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.10 (alpine 3.17.6)

Release 1.15.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.9 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.9 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.9 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.9 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.9 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.9 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.9 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.9 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.9 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.15.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.8 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.8 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.8 (ubuntu 20.04)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.8 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.8 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.8 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.8 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.8 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.8 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.15.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.7 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.7 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
Release 1.15.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.15.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.5 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.5 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.5 (ubuntu 20.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.15.5 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.5 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.15.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.15.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.15.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.15.3

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.15.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.2 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.2 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.2 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.15.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.1 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.1 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.1 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.15.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.15.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.15.0 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.15.0 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.15.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.15.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.15.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.15.0 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.15.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.15.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.15.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.12.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.56.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Latest 1.14.x Gloo Enterprise Release: 1.14.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.15 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.15 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.15 (alpine 3.17.5)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.15 (alpine 3.17.6)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.15 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.15 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.15 (alpine 3.17.5)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.15 (alpine 3.18.6)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.15 (alpine 3.17.6)

Release 1.14.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.14 (alpine 3.17.6)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.14 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.14 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.14 (alpine 3.17.6)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.14 (alpine 3.17.6)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.14 (alpine 3.17.6)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.14 (alpine 3.17.5)

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.14 (alpine 3.18.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r1 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-25062 libxml2 HIGH 2.11.6-r0 2.11.7-r0 https://avd.aquasec.com/nvd/cve-2024-25062

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.14 (alpine 3.17.6)

Release 1.14.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.13 (alpine 3.17.5)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.13 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.13 (alpine 3.17.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.13 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.13 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.14.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
Release 1.14.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.12 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.12 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.12 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.12 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.12 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.12 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.12 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.12 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.12 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.11 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.11 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.11 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.11 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.11 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.10 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.10 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.10 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.10 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.10 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.10 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.10 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.10 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.10 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.9 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.9 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.9 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.9 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.9 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.9 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.9 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.9 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.9 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.8 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.8 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.8 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.8 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.8 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.8 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.8 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.8 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.8 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.7 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.7 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.7 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.7 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.7 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.7 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.7 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.7 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.7 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.6 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.5 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.4 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.3 (alpine 3.17.3)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.3 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.3 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.14.3 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.3 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.2 (alpine 3.17.3)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.14.2 (alpine 3.17.3)

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.14.2 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.2 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.2 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.14.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.4-r1 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.1 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.14.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.14.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.4-r1 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.14.0 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Latest 1.13.x Gloo Enterprise Release: 1.13.31

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.31 (alpine 3.17.3)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.31 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.31 (alpine 3.17.5)

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.31 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.31 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.31 (alpine 3.17.3)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.31 (alpine 3.18.3)

No Vulnerabilities Found for Node.js

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.31 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.31 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.31 (alpine 3.17.3)

Release 1.13.30

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.30 (alpine 3.17.3)

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.30 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.30 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.30 (alpine 3.17.3)

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.30 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.30 (alpine 3.17.3)

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.30 (alpine 3.18.3)

No Vulnerabilities Found for Node.js

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.30 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.30 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.30 (alpine 3.17.3)

Release 1.13.29

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.29 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.29 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.29 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.29 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.29 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.29 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.29 (alpine 3.18.3)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.29 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.29 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.29 (alpine 3.17.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.28

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.28 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.28 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.28 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.28 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.28 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.28 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.28 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.28 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.28 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.28 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.27

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.13.27 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.27 (alpine 3.17.5)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.13.27 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.27 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.13.27 (alpine 3.17.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.27 (alpine 3.17.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.26

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.26 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.26 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.26 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.26 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.26 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.26 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.26 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.26 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.26 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.26 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.25

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.25 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.25 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.25 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.25 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.25 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.25 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.25 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.25 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.25 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.3.0-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.25 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.24

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.24 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.24 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.24 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.24 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.24 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.24 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.24 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.24 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.24 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.24 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.23

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.23 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.23 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.23 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.23 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.23 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.23 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.23 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.23 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.23 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.23 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.22

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.22 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.22 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.22 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.22 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.22 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.22 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.22 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.22 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.22 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.2.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.2.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r1 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.22 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.21

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.21 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.21 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.21 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.21 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.21 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.21 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.21 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.21 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.21 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.20

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.20 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787 libx11 HIGH 1.8.4-r1 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.20 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.19

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.19 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.2-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.2-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863 libwebp HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.19 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.18

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.0-r1 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.0-r1 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.18 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.1.0-r1 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 curl HIGH 8.1.0-r1 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.1.0-r1 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039 libcurl HIGH 8.1.0-r1 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.4-r1 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.18 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.17

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.17 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.4-r1 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.17 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.16

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.16 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 curl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 8.0.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 8.0.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 8.0.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999 libwebp HIGH 1.2.4-r1 1.2.4-r2 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.4-r1 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138 libx11 HIGH 1.8.4-r0 1.8.4-r1 https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787 libx11 HIGH 1.8.4-r0 1.8.7-r0 https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491 ncurses-libs HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20221119-r0 6.3_p20221119-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.16 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.88.1-r1 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.88.1-r1 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.15 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.15 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.15 (alpine 3.17.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.88.1-r1 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.88.1-r1 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.14 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.14 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.88.1-r1 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319 libcurl HIGH 7.88.1-r1 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.88.1-r1 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.13 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.13 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.88.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.88.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.12 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.12 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.12 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.11 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.11 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.88.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.88.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.11 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.11 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.11 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.10 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.10 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r1 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.88.1-r0 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.88.1-r0 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.88.1-r0 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.88.1-r0 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.10 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.10 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.10 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.9 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.9 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.87.0-r2 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.87.0-r2 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.9 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.9 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.9 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.8 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.8 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-25652 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.38.4-r0 2.38.5-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545 libcurl CRITICAL 7.87.0-r2 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.87.0-r2 7.88.1-r1 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.87.0-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.87.0-r2 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-52425 libexpat HIGH 2.5.0-r0 2.6.0-r0 https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-35945 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.51.0-r0 1.51.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.8 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.8 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-38545 curl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-38545 libcurl CRITICAL 7.83.1-r6 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r6 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r6 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r6 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.8 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.7 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23946 git HIGH 2.34.6-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.80.0-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.80.0-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.7 (alpine 3.17.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.7 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.7 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.6 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23946 git HIGH 2.34.6-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.6-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.80.0-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.80.0-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.6 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.6 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.6 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
GHSA-8x6c-cv3v-vp6g cacheable-request HIGH 6.1.0 10.2.7 https://github.com/advisories/GHSA-8x6c-cv3v-vp6g
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.5 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.5 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
GHSA-8x6c-cv3v-vp6g cacheable-request HIGH 6.1.0 10.2.7 https://github.com/advisories/GHSA-8x6c-cv3v-vp6g
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.5 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.5 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.13.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.4 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.80.0-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.80.0-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.4 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.4 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.4 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.3 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.80.0-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.80.0-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.3 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.3 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.3 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.2 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.80.0-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.80.0-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.2 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.2 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.2 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.1 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r5 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.80.0-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.80.0-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.80.0-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.1 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.1 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r5 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r5 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r5 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r5 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r5 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.1 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
Release 1.13.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.13.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.13.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-23521 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-23521
CVE-2022-41903 git CRITICAL 2.34.5-r0 2.34.6-r0 https://avd.aquasec.com/nvd/cve-2022-41903
CVE-2023-23946 git HIGH 2.34.5-r0 2.34.7-r0 https://avd.aquasec.com/nvd/cve-2023-23946
CVE-2023-25652 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-25652
CVE-2023-29007 git HIGH 2.34.5-r0 2.34.8-r0 https://avd.aquasec.com/nvd/cve-2023-29007
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.80.0-r4 7.80.0-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.80.0-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 libcurl HIGH 7.80.0-r4 7.80.0-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.80.0-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.80.0-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.80.0-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-35945 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.46.0-r0 1.46.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.13.0 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25881 http-cache-semantics HIGH 4.1.0 4.1.1 https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.13.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.13.0 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.13.0 (alpine 3.15.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r1 1.1.1t-r2 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-41723 golang.org/x/net HIGH v0.2.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.2.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.50.1 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g