Security and CVE report

Gloo Platform container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

How does Solo fix CVEs?

For OS vulnerabilities that are part of the Istio image, Solo waits for the CVE patch to be provided by the Istio community before releasing a new Solo image. According to the Istio CVE policy, critical CVEs that are found in Istio or that are exploitable through Istio are fixed by the Istio community as soon as possible, and released outside the regular release cycle. Fixes for non-critical CVEs are usually provided as part of the regular Istio release cycle.

For vulnerabilities that are found in a component that Solo controls, such as the image for the Gloo management server, Solo is responsible to provide a security patch. The patch is released as soon as it is available, independently from any Istio release.

Security and CVE scan

Latest 2.4.x gloo mesh enterprise Release: 2.4.5

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.5 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.5 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
Release 2.4.4

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.4 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.4 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.4 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.4 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.4 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.4 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.4 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.4 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.15.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
Release 2.4.3

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.3 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.3 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.3 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.3 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.3 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.3 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.3 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.3 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
Release 2.4.2

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.2 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.2 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.2 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.2 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.2 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.2 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.2 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.2 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
Release 2.4.1

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.1 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.1 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.1 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.1 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.1 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.1 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.1 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-28840 github.com/docker/docker HIGH v23.0.1+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.1 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.13.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230824050558-a835e9cca9eb 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
Release 2.4.0

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.0 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.0 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.0 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.11.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.0 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.11.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.0 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.11.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.0 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.11.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.0 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.11.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.0 (alpine 3.18.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.2-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.11.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.54.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20230403164233-3e857775086a 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

Latest 2.3.x gloo mesh enterprise Release: 2.3.22

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.22 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.22 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.21

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.21 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.21 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.20

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.20 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.20 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.20 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.20 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.20 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.20 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.20 (alpine 3.18.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.1.3-r0 3.1.4-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.19

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.19 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.19 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.19 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.19 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.19 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.19 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.19 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.18

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.18 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.18 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.18 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.18 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.18 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.18 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.18 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.11-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.17

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.17 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.17 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.17 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.17 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.17 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.17 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.17 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.16

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.16 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.16 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.16 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.16 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.16 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.16 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.16 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.15

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.15 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.15 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.15 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.15 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.15 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.15 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.15 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.14

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.14 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.14 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.14 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.14 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.14 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.14 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.14 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.13

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.13 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.13 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.13 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.13 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.13 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.13 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.13 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.12

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.12 (alpine 3.17.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.12 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.12 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.12 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.12 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.12 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.12 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.10-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.11

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.11 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.11 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.11 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.11 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.11 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.11 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.11 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-39325 golang.org/x/net HIGH v0.8.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.10

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.10 (alpine 3.17.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.10 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.10 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.10 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.10 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.10 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.10 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.9

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.9 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.9 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.9 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.9 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.9 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.9 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.9 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.8

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.8 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.8 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.8 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.8 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.8 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.8 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.8 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.7

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.7 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.7 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.7 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.7 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.7 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.7 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.7 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.6

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.6 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.6 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.6 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.6 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.6 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.6 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.6 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.5

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.5 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.5 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.5 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.5 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.5 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.5 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.4

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.4 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.4 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.4 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.4 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.4 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.4 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.9-r1 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.3

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.3 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.3 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.3 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.3 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.3 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.3 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.2

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.2 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.2 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.2 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.2 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.2 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.2 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.1

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.1 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.1 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.1 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.1 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.1 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.1 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r4 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.3.0

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.0 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.0 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.0 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.0 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.0 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.0 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363 libssl3 HIGH 3.0.8-r3 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.12.3 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2023-39325 golang.org/x/net HIGH v0.7.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20221208171804-952b2e8bc4b0 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Latest 2.2.x gloo mesh enterprise Release: 2.2.9

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.9 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.9 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.23.7 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.8

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.8 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.8 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.23.7 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.7

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.7 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.7 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.23.7 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.6

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.6 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.6 (ubuntu 20.04)

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.23.7 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.23.7 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253 github.com/docker/distribution HIGH v2.8.1+incompatible 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2023-28840 github.com/docker/docker HIGH v20.10.16+incompatible 20.10.24, 23.0.3 https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220606160615-c6abaf5e5fd6 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.5

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.5 (alpine 3.17.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464 libssl3 HIGH 3.0.8-r0 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.8-r0 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.52.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.4

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.4 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libcrypto3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libssl3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.3

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.3 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libcrypto3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libssl3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464 libssl1.1 HIGH 1.1.1t-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-41723 golang.org/x/net HIGH v0.5.0 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.5.0 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.2

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.2 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libcrypto3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libssl3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.1

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.1 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libcrypto3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libssl3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.2.0

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.0 (alpine 3.16.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.0 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.0 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.0 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.0 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.2 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Latest 2.1.x gloo mesh enterprise Release: 2.1.5

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.5 (alpine 3.17.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libcrypto3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libcrypto3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libcrypto3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401 libssl3 HIGH 3.0.7-r2 3.0.8-r0 https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464 libssl3 HIGH 3.0.7-r2 3.0.8-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363 libssl3 HIGH 3.0.7-r2 3.0.12-r0 https://avd.aquasec.com/nvd/cve-2023-5363

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.1.4

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.4 (alpine 3.16.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.4 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.1.3

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.3 (alpine 3.16.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.3 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.1.2

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.2 (alpine 3.16.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-23914 curl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 curl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914 libcurl CRITICAL 7.83.1-r4 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r4 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551 libcurl HIGH 7.83.1-r4 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r4 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r4 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r4 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.2 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.1.1

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.1 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32221 curl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914 curl CRITICAL 7.83.1-r2 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r2 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551 curl HIGH 7.83.1-r2 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r2 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221 libcurl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914 libcurl CRITICAL 7.83.1-r2 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r2 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551 libcurl HIGH 7.83.1-r2 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r2 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.18.4, 1.17.7, 1.16.11 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955 k8s.io/kubernetes HIGH v1.13.0 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528 k8s.io/kubernetes HIGH v1.13.0 1.28.4, 1.27.8, 1.26.11, 1.25.16 https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.1 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-otel-controller image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

Release 2.1.0

gloo mesh enterprise enterprise-networking image

No scan found

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.0 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32221 curl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914 curl CRITICAL 7.83.1-r2 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 curl CRITICAL 7.83.1-r2 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551 curl HIGH 7.83.1-r2 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 curl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 curl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 curl HIGH 7.83.1-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 curl HIGH 7.83.1-r2 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1q-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221 libcurl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914 libcurl CRITICAL 7.83.1-r2 7.83.1-r6 https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545 libcurl CRITICAL 7.83.1-r2 8.4.0-r0 https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551 libcurl HIGH 7.83.1-r2 7.83.1-r5 https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533 libcurl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534 libcurl HIGH 7.83.1-r2 8.0.1-r0 https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319 libcurl HIGH 7.83.1-r2 8.1.0-r0 https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039 libcurl HIGH 7.83.1-r2 8.3.0-r0 https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1q-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999 libwebp HIGH 1.2.3-r0 1.2.3-r1 https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863 libwebp HIGH 1.2.3-r0 1.2.3-r2 https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491 ncurses-libs HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491 ncurses-terminfo-base HIGH 6.3_p20220521-r0 6.3_p20220521-r1 https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r1 https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487 nghttp2-libs HIGH 1.47.0-r0 1.47.0-r2 https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409 pcre2 HIGH 10.40-r0 10.42-r0 https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-0286 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286 openssl HIGH 1.1.1-1ubuntu2.1~18.04.20 1.1.1-1ubuntu2.1~18.04.21 https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.0 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.0 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.7.0 https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.17.0 https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g google.golang.org/grpc HIGH v1.49.0 1.56.3, 1.57.1, 1.58.3 https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.1.13, 1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20220516185659-202e88863858 1.13.1, 1.12.4, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.0 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-4450 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libcrypto1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r0 https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464 libssl1.1 HIGH 1.1.1s-r0 1.1.1t-r1 https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2023-29002 github.com/cilium/cilium HIGH v1.11.5 1.11.16, 1.12.9, 1.13.2 https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272 github.com/deislabs/oras HIGH v0.8.1 0.9.0 https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.7.0-rc.0 https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253 github.com/docker/distribution HIGH v0.0.0-20191216044856-a8371794149d 2.8.2-beta.1 https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315 github.com/graphql-go/graphql HIGH v0.8.0 0.8.1 https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561 github.com/opencontainers/runc HIGH v1.1.1 1.1.5 https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721 golang.org/x/net HIGH v0.0.0-20220722155237-a158d28d115b 0.1.1-0.20221104162952-702349b0e862 https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723 golang